[wp-meta] [Making WordPress.org] #6506: The relation operator argument is not sanitized in WP_Tax_Query{}
Making WordPress.org
noreply at wordpress.org
Tue Sep 27 19:06:25 UTC 2022
#6506: The relation operator argument is not sanitized in WP_Tax_Query{}
--------------------------+-------------------------
Reporter: rudlinkon | Owner: (none)
Type: defect (bug) | Status: new
Priority: high | Milestone:
Component: API | Keywords: needs-patch
--------------------------+-------------------------
The input `relation` argument is stored directly here, at `wp-includes/class-wp-date-query.php:625`:
{{{#!php
$relation = $query['relation'];
}}}
and it is then used here, at `wp-includes/class-wp-date-query.php:667`:
{{{#!php
// $relation is interpolated verbatim between the per-clause WHERE chunks
$sql['where'] = '( ' . "\n " . $indent
	. implode( ' ' . "\n " . $indent . $relation . ' ' . "\n " . $indent, $sql_chunks['where'] )
	. "\n" . $indent . ')';
}}}
so the input argument should be sanitized; otherwise it may be abused.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/6506>
Making WordPress.org <https://meta.trac.wordpress.org/>
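The pattern the ticket quotes, shown next to a hardened form, as an added stand-alone example (not the reporter's code and not WordPress core): the relation string is glued between already-built WHERE chunks exactly as in the quoted lines, and a second function reduces the operator to the closed set AND/OR before it is interpolated. The function names (`glue_where_unchecked`, `glue_where_checked`, `sanitize_relation`), the chunk strings and the hostile `relation` value are all assumptions constructed for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example, not WordPress core code. It reproduces the string-gluing
// pattern from the quoted core lines in a stand-alone function and puts a
// whitelist on the relation operator next to it. Function names, the chunk
// strings and the inputs below are all made up for the demonstration.

/**
 * Assemble a WHERE group the way the quoted core lines do: the chunks are
 * joined with whatever $query['relation'] holds, with no check on it.
 */
function glue_where_unchecked( array $query, array $sql_chunks, string $indent = "\t" ): string {
	$relation = $query['relation'] ?? 'AND';    // taken verbatim from the caller

	return '( ' . "\n " . $indent
		. implode( ' ' . "\n " . $indent . $relation . ' ' . "\n " . $indent, $sql_chunks )
		. "\n" . $indent . ')';
}

/**
 * Reduce the relation operator to the closed set {AND, OR}. Anything else,
 * including non-strings and arbitrary SQL fragments, falls back to AND.
 */
function sanitize_relation( $relation ): string {
	return ( is_string( $relation ) && 'OR' === strtoupper( $relation ) ) ? 'OR' : 'AND';
}

/**
 * Same assembly, but the operator is whitelisted before it touches the SQL.
 */
function glue_where_checked( array $query, array $sql_chunks, string $indent = "\t" ): string {
	$relation = sanitize_relation( $query['relation'] ?? 'AND' );

	return '( ' . "\n " . $indent
		. implode( ' ' . "\n " . $indent . $relation . ' ' . "\n " . $indent, $sql_chunks )
		. "\n" . $indent . ')';
}

// Constructed WHERE chunks of the kind a date query builds per clause.
$chunks = array(
	"wp_posts.post_date >= '2022-01-01 00:00:00'",
	"wp_posts.post_date <= '2022-12-31 23:59:59'",
);

// A constructed relation value that is not an operator at all.
$hostile = array( 'relation' => 'OR 1=1 OR' );

$unchecked = glue_where_unchecked( $hostile, $chunks );
$checked   = glue_where_checked( $hostile, $chunks );

// The unchecked variant carries the foreign fragment straight into the SQL,
// turning the group into "(c1 OR 1=1 OR c2)"; the checked variant only ever
// emits AND or OR.
assert( false !== strpos( $unchecked, '1=1' ) );
assert( false === strpos( $checked, '1=1' ) );
assert( 'AND' === sanitize_relation( 'and' ) );
assert( 'OR' === sanitize_relation( 'or' ) );
assert( 'AND' === sanitize_relation( array( 'OR' ) ) );

echo "unchecked:\n", $unchecked, "\n\nchecked:\n", $checked, "\n";
```

Run it with `php example.php` (with `zend.assertions=1` so the checks are live). The point of the whitelist is that `relation` is an operator drawn from a two-element set, so it should never be treated as free-form text; comparing against the set and defaulting to `AND` is cheaper and safer than trying to escape it.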