[wp-trac] [WordPress Trac] #11605: wpdb::_weak_escape() is an alias to addslashes only

WordPress Trac wp-trac at lists.automattic.com
Sun Dec 27 22:29:45 UTC 2009


#11605: wpdb::_weak_escape() is an alias to addslashes only
--------------------------+-------------------------------------------------
 Reporter:  hakre         |        Owner:  ryan    
     Type:  defect (bug)  |       Status:  reopened
 Priority:  normal        |    Milestone:  3.0     
Component:  Security      |      Version:  2.9     
 Severity:  normal        |   Resolution:          
 Keywords:  has-patch     |  
--------------------------+-------------------------------------------------

Comment(by hakre):

 @nacin: I'm not pedantic (then I would take a look when that comment went
 in), but if a developer writes its own implementation of wpdb without
 taking the default function definition into account, I think that guy is
 pretty lost.
 {{{
 * Escapes content for insertion into the database using addslashes(), for
 security
 }}}
 Guess where this line is taken from. But that's only a side note; I do not
 want to argue about that any longer. You can update the patch so that it does
 the additional function call to the private member _weak_escape (which
 otherwise could just be deleted, because it's not needed any longer) and
 then at least the escape function benefits from the other improvements
 the patch has.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11605#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

