[wp-trac] Re: [WordPress Trac] #2769: Non-integer provided as page_id reveals a bug on pages list

WordPress Trac wp-trac at lists.automattic.com
Fri Jun 2 07:17:33 GMT 2006


#2769: Non-integer provided as page_id reveals a bug on pages list
-------------------------+--------------------------------------------------
       Id:  2769         |      Status:  assigned                
Component:  General      |    Modified:  Fri Jun  2 07:17:33 2006
 Severity:  major        |   Milestone:  2.1                     
 Priority:  normal       |     Version:  2.1                     
    Owner:  markjaquith  |    Reporter:  pcdinh                  
-------------------------+--------------------------------------------------
Changes (by markjaquith):

  * component:  Security => General
  * severity:  critical => major
  * summary:  Security implication: Sql injection on page_id reveals a bug
              on pages list => Non-integer provided as
              page_id reveals a bug on pages list
  * status:  new => assigned
  * owner:  anonymous => markjaquith

Comment:

 It seems that if page_id is not an integer, it is removed from the query
 altogether (latest trunk)

 {{{
 ELECT * FROM wp_posts  WHERE (post_type = 'page' AND post_status =
 'publish')    ORDER BY post_title ASC
 }}}

 No SQL injection potential.  Although, blank page_id should probably run a
 front page query, not a query of all pages!

 I'm taking away the "security" marking for this bug, because non-integer
 data isn't be inserted into the query.  In the future, if you thing you've
 identified a security issue, please send it to security at wordpress.org

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2769>
WordPress Trac <http://wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list