[wp-trac] [WordPress Trac] #11608: wpdb->prepare() is broken
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 24 23:27:06 UTC 2009
#11608: wpdb->prepare() is broken
-----------------------------+----------------------------------------------
Reporter: hakre | Owner: ryan
Type: feature request | Status: new
Priority: normal | Milestone: Future Release
Component: Database | Version: 2.9
Severity: normal | Keywords: needs-patch dev-feedback
-----------------------------+----------------------------------------------
Changes (by dd32):
* priority: high => normal
* type: defect (bug) => feature request
* component: Security => Database
* severity: critical => normal
* milestone: 2.9.1 => Future Release
Comment:
Setting to feature request and Future Release due to the nature of the
request. In the event that someone takes it on to write a 'better' prepare
parser, or a dev feels like it needs changing, it can be brought forward
into the current release.
Priority and Severity: It works securely at present if the basic printf
rules are followed.
Can you please supply some examples of what doesn't work? What problems are
run into when using '%%', for example?
The data being passed into the function may contain whatever it wants;
that doesn't affect the parser. The only location where you have to be
careful is the query itself. If you need to use '%' in there, then it
needs to be escaped properly. That is the only time it should cause an
error.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11608#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
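
The printf rule discussed in the comment above, as an added example that is not part of the original message and is not WordPress code. `demo_prepare()` is a hypothetical stand-in that follows printf rules, `addslashes()` is assumed in place of the database layer's own escaping, and the queries and data are constructed samples.

```php
<?php
// Added illustration, not WordPress code. demo_prepare() is a hypothetical
// stand-in that follows printf rules; addslashes() is assumed here in place
// of the database layer's own escaping.
function demo_prepare($query, array $args)
{
    // Normalise so every %s placeholder ends up quoted exactly once.
    $query = str_replace(array("'%s'", '"%s"'), '%s', $query);
    $query = str_replace('%s', "'%s'", $query);
    // Escape the data only; the query template is trusted developer input.
    $args = array_map(function ($a) { return addslashes((string) $a); }, $args);
    try {
        // Arguments are substituted once and never rescanned for '%'.
        return @vsprintf($query, $args);
    } catch (\Throwable $e) {
        return false; // PHP 8 throws where PHP 7 returned false
    }
}

// Constructed sample input: data containing both '%' and a quote.
$data = "100%-off' OR 1=1";

// Literal '%' in the query written as '%%': accepted, data stays inert.
$ok = demo_prepare(
    "SELECT ID FROM wp_posts WHERE post_title LIKE '%%sale%%' AND post_name = %s",
    array($data)
);
echo $ok, "\n";

// Literal '%' left unescaped: "%d" in "%draft" is read as a placeholder and
// takes the only argument, so "%s" has none left and the call fails.
$bad = demo_prepare(
    "SELECT ID FROM wp_posts WHERE post_title LIKE '%draft' AND post_name = %s",
    array($data)
);
var_dump($bad);
```

The first call shows that a `%` inside the data never reaches the format parser; the second shows the failure coming from the query template alone.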