[wp-hackers] SQL injection
Denis de Bernardy
denis at mesoconcepts.com
Thu Dec 6 01:22:47 GMT 2007
I've tried with the example's URL, including after urlencoding and
rawurlencoding it. The best I get is a WP database error
(http://trac.wordpress.org/ticket/5185). Which is arguably not good, since
the error comes from the translation of ' characters to their HTML entity
equivalent. But not worth being alarmed about, as far as I can tell.
I'm curious to know the security folks' opinion on this though. Is this a
false alarm? Or are we going to have a 2.3.2 release in the next couple
days?
D.