[wp-trac] [WordPress Trac] #21359: htmlspecialchars() in wp-db.php is a small vulnerability

WordPress Trac wp-trac at lists.automattic.com
Mon Jul 23 20:31:25 UTC 2012


#21359: htmlspecialchars() in wp-db.php is a small vulnerability
--------------------------+-----------------------------
 Reporter:  planetzuda    |      Owner:  planetzuda
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  General       |    Version:  3.4.1
 Severity:  minor         |   Keywords:  needs-patch
--------------------------+-----------------------------
 Hey,
 I was working with wp-db.php when I noticed htmlspecialchars is being used
 where htmlentities should be used. I know this is very minor, but I've
 fixed sites that have been hacked due to the misuse of htmlspecialchars. I
 recommend changing htmlspecialchars to htmlentities when the site bails
 with an error. I've already fixed it on my install, so I'd be happy to
 upload the fixed file.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21359>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
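Added example (not from the ticket, and not WordPress code): a small PHP script that runs the same inputs through both `htmlspecialchars()` and `htmlentities()`, with `ENT_QUOTES` and an explicit UTF-8 charset, so the difference between the two functions can be inspected directly. The sample strings are constructed for illustration; the `compare_escapers()` helper is hypothetical and exists only for this comparison. The ticket does not say which flags or charset wp-db.php passed, so the call signature below is an assumption.

```php
<?php
// Compare htmlspecialchars() and htmlentities() on identical input.
// Both calls use ENT_QUOTES (escape both ' and ") and an explicit UTF-8
// charset; leaving either out is the usual source of escaping mistakes.
function compare_escapers(string $input): array {
    return [
        'input'            => $input,
        'htmlspecialchars' => htmlspecialchars($input, ENT_QUOTES, 'UTF-8'),
        'htmlentities'     => htmlentities($input, ENT_QUOTES, 'UTF-8'),
    ];
}

// Constructed sample inputs: markup characters, quotes/ampersand, non-ASCII.
$samples = [
    '<script>alert(1)</script>',
    'O\'Reilly & "friends"',
    'café ünïcode',
];

foreach ($samples as $sample) {
    foreach (compare_escapers($sample) as $label => $value) {
        printf("%-18s %s\n", $label . ':', $value);
    }
    echo "\n";
}
```

Running this shows that both functions turn `<`, `>`, `&`, `"` and (with `ENT_QUOTES`) `'` into the same entities, so the first two samples come out identical. They diverge only on the third sample: `htmlspecialchars()` leaves `café ünïcode` untouched, while `htmlentities()` rewrites it as `caf&eacute; &uuml;n&iuml;code`. When reviewing an error-output path like the one the ticket describes, the things to check are therefore whether `ENT_QUOTES` is set and whether the charset argument matches the page encoding, since those determine whether quotes and multibyte sequences are handled correctly regardless of which of the two functions is called.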

