[wp-trac] [WordPress Trac] #11819: Use mysql_real_escape_string instead of addslashes

WordPress Trac wp-trac at lists.automattic.com
Mon Feb 15 16:26:44 UTC 2010


#11819: Use mysql_real_escape_string instead of addslashes
-----------------------------------+----------------------------------------
 Reporter:  hakre                  |        Owner:  ryan    
     Type:  defect (bug)           |       Status:  reopened
 Priority:  high                   |    Milestone:  3.0     
Component:  Security               |      Version:  2.5     
 Severity:  critical               |   Resolution:          
 Keywords:  dev-feedback featured  |  
-----------------------------------+----------------------------------------

Comment(by miqrogroove):

 I don't see a problem with addslashes_gpc().  It's being used in wp-query
 to haphazardly escape some SQL variables.  Whatever damage can be done
 there, it appears to be confined to DB logic.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11819#comment:24>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

