[wp-trac] [WordPress Trac] #11788: barely sanitized strings are put straight in the database in ms-site.php

WordPress Trac wp-trac at lists.automattic.com
Wed Jan 6 21:07:58 UTC 2010


#11788: barely sanitized strings are put straight in the database in ms-site.php
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:                
     Type:  enhancement        |      Status:  new           
 Priority:  normal             |   Milestone:  Future Release
Component:  Multisite          |     Version:  3.0           
 Severity:  normal             |    Keywords:                
-------------------------------+--------------------------------------------
 There arguably are magic quotes, but it's freaky scary to read things such
 as:

 {{{
 $s = wp_specialchars( trim( $_GET[ 's' ] ) );
 ...
 " AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE '%{$s}%' ) ";
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11788>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
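The pattern the ticket quotes, rebuilt as an added example that is not WordPress code: `wp_specialchars()` is an HTML escaper and its default quote style is `ENT_NOQUOTES`, so a single quote or a LIKE wildcard in the search term reaches the SQL string unchanged; the slashing of request data the reporter calls "magic quotes" is the only thing that would neutralise the quote. The block below uses PHP's built-in PDO with an in-memory SQLite table (a constructed stand-in for `wp_blogs`) so it runs without WordPress or MySQL, and places the unsafe interpolated query beside a parameterised one that also escapes `%` and `_`. In WordPress itself the hardened form is `$wpdb->prepare()` together with `$wpdb->esc_like()` (`like_escape()` before 4.0); the function and table names here are the example's own.

```php
<?php
// Added example, not WordPress code: the ticket's LIKE search written the
// unsafe way, beside a parameterised version. Runs on PHP with pdo_sqlite.

// Constructed sample rows standing in for the wp_blogs table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE blogs (blog_id INTEGER PRIMARY KEY, domain TEXT, path TEXT)");
$pdo->exec("INSERT INTO blogs (domain, path) VALUES
    ('example.com',         '/'),
    ('oreilly.example.com', '/books/'),
    ('100%.example.com',    '/')");

// Mirrors the quoted code: wp_specialchars() defaults to ENT_NOQUOTES, so
// htmlspecialchars() here leaves ' , % and _ untouched. HTML escaping is not
// SQL escaping; the value is then interpolated straight into the query.
function unsafe_search(PDO $pdo, string $raw): array
{
    $s   = htmlspecialchars(trim($raw), ENT_NOQUOTES);
    $sql = "SELECT domain, path FROM blogs
             WHERE domain LIKE '%{$s}%' OR path LIKE '%{$s}%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the term travels as a bound parameter, and the LIKE
// metacharacters (\ % _) are escaped so user input cannot act as a wildcard.
// Output escaping (esc_html) belongs at render time, not in the query.
function safe_search(PDO $pdo, string $raw): array
{
    $term = '%' . addcslashes(trim($raw), '\\%_') . '%';
    $stmt = $pdo->prepare(
        "SELECT domain, path FROM blogs
          WHERE domain LIKE ? ESCAPE '\\' OR path LIKE ? ESCAPE '\\'"
    );
    $stmt->execute([$term, $term]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Run both variants over the same (constructed) search terms and report
// what each one does with a quote and with a wildcard in the input.
function compare_search(PDO $pdo, string $raw): void
{
    printf("search term: %s\n", var_export($raw, true));
    try {
        $rows = unsafe_search($pdo, $raw);
        printf("  unsafe: %d row(s) %s\n", count($rows), json_encode(array_column($rows, 'domain')));
    } catch (PDOException $e) {
        // The quote broke the statement: the input reached SQL as syntax.
        printf("  unsafe: query failed (%s)\n", $e->getMessage());
    }
    $rows = safe_search($pdo, $raw);
    printf("  safe:   %d row(s) %s\n", count($rows), json_encode(array_column($rows, 'domain')));
}

compare_search($pdo, 'example.com'); // both find all three rows
compare_search($pdo, "o'reilly");    // unsafe: syntax error; safe: 0 rows, no error
compare_search($pdo, '%');           // unsafe: matches every row; safe: only the literal '100%.example.com'
```

The third call is the one to keep in mind when reviewing LIKE clauses: even with quotes neutralised by slashing, an unescaped `%` or `_` lets a caller turn a substring search into a full-table match, which is why the term needs `esc_like()`-style escaping in addition to `prepare()`.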

