[3.2.5] SQL injection #1575

@mikejolley Can you check this please, can't get the queries to work
(return anything else than 0) or I am doing something wrong...

widgets/widget-price_filter.php

@@ -90,27 +90,32 @@ class WooCommerce_Widget_Price_Filter extends WP_Widget {
 		$min = $max = 0;
 		$post_min = $post_max = '';
 
-		if ( sizeof( $woocommerce->query->layered_nav_product_ids ) == 0 ) :
+		if ( sizeof( $woocommerce->query->layered_nav_product_ids ) != 0 ) {
-
+			$max = ceil( $wpdb->get_var(
-			$max = ceil($wpdb->get_var("SELECT max(meta_value + 0)
+				$wpdb->prepare('
-			FROM $wpdb->posts
+					SELECT max(meta_value + 0)
-			LEFT JOIN $wpdb->postmeta ON $wpdb->posts.ID = $wpdb->postmeta.post_id
+					FROM %1$s
-			WHERE meta_key = '_price'"));
+					LEFT JOIN %2$s ON %1$s.ID = %2$s.post_id
-
+					WHERE meta_key = %3$s
-		else :
+				'), $wpdb->posts, $wpdb->postmeta, '_price'
-
+			) );
-			$max = ceil($wpdb->get_var("SELECT max(meta_value + 0)
+		} else {
-			FROM $wpdb->posts
+			$max = ceil( $wpdb->get_var(
-			LEFT JOIN $wpdb->postmeta ON $wpdb->posts.ID = $wpdb->postmeta.post_id
+				$wpdb->prepare('
-			WHERE meta_key = '_price' AND (
+					SELECT max(meta_value + 0)
-				$wpdb->posts.ID IN (".implode(',', $woocommerce->query->layered_nav_product_ids).")
+					FROM %1$s
-				OR (
+					LEFT JOIN %2$s ON %1$s.ID = %2$s.post_id
-					$wpdb->posts.post_parent IN (".implode(',', $woocommerce->query->layered_nav_product_ids).")
+					WHERE meta_key = %3$s
-					AND $wpdb->posts.post_parent != 0
+					AND (
-				)
+						%1$s.ID IN (%4$s)
-			)"));
+						OR (
-
+							%1$s.post_parent IN (%4$s)
-		endif;
+							AND %1$s.post_parent != 0
+						)
+					)
+				'), $wpdb->posts, $wpdb->postmeta, '_price', implode( ',', $woocommerce->query->layered_nav_product_ids )
+			) );
+		}
 
 		if ( $min == $max ) return;