[wp-meta] [Making WordPress.org] #6506: Not sanitized the relation operator argument in WP_Tax_Query{}

Making WordPress.org noreply at wordpress.org
Tue Sep 27 19:06:25 UTC 2022


#6506: Not sanitized the relation operator argument in WP_Tax_Query{}
--------------------------+-------------------------
 Reporter:  rudlinkon     |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  high          |  Milestone:
Component:  API           |   Keywords:  needs-patch
--------------------------+-------------------------
 The input `relation` argument is stored directly here, at `wp-includes/class-wp-
 date-query.php:625`:

 {{{#!php
 $relation = $query['relation'];
 }}}

 and it is used here, at `wp-includes/class-wp-date-query.php:667`:

 {{{#!php
 $sql['where'] = '( ' . "\n  " . $indent
     . implode( ' ' . "\n  " . $indent . $relation . ' ' . "\n  " . $indent, $sql_chunks['where'] )
     . "\n" . $indent . ')';
 }}}

 so the input argument should be sanitized; otherwise it may be abused.
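 The remediation the ticket asks for, as an added example (not WordPress core code, and not the reporter's): the `relation` value is normalised against a whitelist of the two operators the builder supports before it reaches the `implode()` call, so any other string is discarded rather than interpolated. The function names `sanitize_relation()` and `build_where_clause()` are assumptions for this illustration.

```php
<?php
// Added example, not WordPress core code. Function names are hypothetical.

/**
 * Normalise a user-supplied `relation` to one of the two operators the
 * query builder accepts. Anything else falls back to 'AND'.
 */
function sanitize_relation( $relation ) {
    if ( is_string( $relation ) && 'OR' === strtoupper( trim( $relation ) ) ) {
        return 'OR';
    }
    return 'AND';
}

/**
 * Join pre-built WHERE chunks with the sanitized relation, mirroring the
 * implode() call quoted from class-wp-date-query.php. The chunks themselves
 * are assumed to have been built safely by the caller.
 */
function build_where_clause( array $query, array $where_chunks, $indent = '' ) {
    $relation = sanitize_relation( isset( $query['relation'] ) ? $query['relation'] : 'AND' );
    $glue     = ' ' . "\n  " . $indent . $relation . ' ' . "\n  " . $indent;
    return '( ' . "\n  " . $indent . implode( $glue, $where_chunks ) . "\n" . $indent . ')';
}

// Constructed sample input: two valid chunks and an unrecognised relation value.
$chunks    = array( 'YEAR( post_date ) = 2022', 'MONTH( post_date ) = 9' );
$untrusted = array( 'relation' => 'XOR' );

// The unrecognised value is replaced by AND instead of being inserted verbatim.
echo build_where_clause( $untrusted, $chunks ), "\n";

// A lower-case 'or' is accepted and normalised to the upper-case operator.
echo build_where_clause( array( 'relation' => 'or' ), $chunks ), "\n";
```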

-- 
Ticket URL: <https://meta.trac.wordpress.org/ticket/6506>
Making WordPress.org <https://meta.trac.wordpress.org/>