[wp-trac] Re: [WordPress Trac] #4690: Wordpress options.php SQL Injection Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Wed Aug 1 18:12:21 GMT 2007

#4690: Wordpress options.php SQL Injection Vulnerability
 Reporter:  BenjaminFlesch           |        Owner:  Nazgul     
     Type:  defect                   |       Status:  assigned   
 Priority:  high                     |    Milestone:  2.3 (trunk)
Component:  Security                 |      Version:  2.2.1      
 Severity:  major                    |   Resolution:             
 Keywords:  has-patch needs-testing  |  
Comment (by markjaquith):

 Try that patch on for size.  The issue here is that while add_option() and
 update_option() expect the option name to be unescaped, get_option()
 expects it to be pre-escaped.  So we need to create a safe version of the
 option name to use when add/update_option call get_option().

 This is seriously messed up, and will be fixed properly in 2.4 (by making
 ALL FUNCTIONS expect unescaped data).

Ticket URL: <http://trac.wordpress.org/ticket/4690#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list