[wp-trac] [WordPress Trac] #4545: Slashing consistency
WordPress Trac
wp-trac at lists.automattic.com
Tue Jun 26 21:43:33 GMT 2007
#4545: Slashing consistency
-------------------------+--------------------------------------------------
Reporter: markjaquith | Owner: anonymous
Type: task | Status: new
Priority: normal | Milestone: 2.4 (future)
Component: Security | Version: 2.3
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
In order to make SQL injection bugs easier to find, I propose that we
standardize the way WP functions expect their data. Specifically, I
propose that all WP functions expect unslashed data. This allows them to
do their slashing within the function, before making SQL queries.

Expecting slashed data is dangerous. It's no problem if the data comes
from GPC/S, but when data is manipulated or queried from the database, it
can become unslashed. Passing unslashed data to functions that expect
slashed data leads to SQL injection bugs.

On the other hand, passing slashed data to functions that expect unslashed
data only leads to double-slashing... an annoyance, rather than a security
hole. And if we implement this at the start of the 2.4 development cycle,
we can eliminate any WP core instances of double-slashing as well as give
plugin authors 4 months of prep time to update plugins that use affected
functions.

Instead of:

 1. Get data passed to function
 2. ?
 3. Make SQL query

We can have a consistent flow of:

 1. Get data passed to function
 2. Escape it.
 3. Make SQL query

This will make SQL injection bugs much more blatantly obvious. Right now,
they are hard to track down, because Step 2 is an unknown.

--
Ticket URL: <http://trac.wordpress.org/ticket/4545>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
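
An added illustration of the two conventions compared in this ticket (not part of the original message and not WordPress code). The function names, the `posts` query and the sample value are constructed for the example, and `addslashes()` stands in for whatever escaping routine the database layer provides.

```php
<?php
// Convention A: the caller is expected to pass already-slashed data,
// so the function interpolates its argument without escaping.
function query_expecting_slashed(string $title): string {
    return "SELECT ID FROM posts WHERE post_title = '$title'";
}

// Convention B (the ticket's proposal): the caller passes unslashed data
// and the function escapes it immediately before building the query.
function query_expecting_unslashed(string $title): string {
    $escaped = addslashes($title); // assumption: stand-in for the DB layer's escaping
    return "SELECT ID FROM posts WHERE post_title = '$escaped'";
}

// Walk the first quoted literal, honouring backslash escapes. Returns true
// when the literal closes before the end of the query, which means part of
// the value is being parsed as SQL instead of as data.
function literal_terminates_early(string $sql): bool {
    $start = strpos($sql, "'") + 1;
    for ($i = $start, $n = strlen($sql); $i < $n; $i++) {
        if ($sql[$i] === '\\') { $i++; continue; }      // skip the escaped character
        if ($sql[$i] === "'") { return $i !== $n - 1; } // first unescaped quote
    }
    return true; // literal never closed
}

$from_db      = "O'Reilly";           // constructed sample: unslashed, as read back from the database
$from_request = addslashes($from_db); // slashed, as GPC data arrives when magic quotes are applied

$cases = [
    ['expects slashed',   'slashed',   query_expecting_slashed($from_request)],
    ['expects slashed',   'unslashed', query_expecting_slashed($from_db)],
    ['expects unslashed', 'unslashed', query_expecting_unslashed($from_db)],
    ['expects unslashed', 'slashed',   query_expecting_unslashed($from_request)],
];

foreach ($cases as [$convention, $input, $sql]) {
    $verdict = literal_terminates_early($sql)
        ? 'literal broken: injection point'
        : 'literal intact';
    printf("%-18s %-10s %-32s %s\n", $convention, $input, $verdict, $sql);
}
```

Only the second row, unslashed data reaching a function that expects slashed data, breaks out of the string literal. The fourth row stays inside the literal but carries an extra backslash into the stored value, which is the double-slashing case.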