[wp-trac] Re: [WordPress Trac] #2758: Security issue: cat parameter is vulnerable to sql injection

WordPress Trac wp-trac at lists.automattic.com
Thu Jun 1 07:18:05 GMT 2006


#2758: Security issue: cat parameter is vulnerable to sql injection
-----------------------+----------------------------------------------------
       Id:  2758       |      Status:  new                     
Component:  Security   |    Modified:  Thu Jun  1 07:18:05 2006
 Severity:  critical   |   Milestone:  2.1                     
 Priority:  highest    |     Version:  2.0.2                   
    Owner:  anonymous  |    Reporter:  pcdinh                  
-----------------------+----------------------------------------------------
Changes (by pcdinh):

  * component:  Administration => Security

Comment:

 My solution: In wp-includes/query.php, before $q['cat'] =
 ''.urldecode($q['cat']).''; I add:

 $q['cat'] = intval($q['cat']);

 Thanks

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2758>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
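
An added illustration of the integer-cast approach from the comment above; it is not code from the ticket or from WordPress. It goes beyond the single cast by validating each element of a list, on the assumption that cat may hold several comma-separated IDs with a leading minus for exclusion; the function, table and column names are hypothetical.

```php
<?php
// Added example, not WordPress code; function, table and column names are hypothetical.
// Assumption: "cat" may hold one ID or a list such as "1,2,-5", where a
// leading minus marks a category to exclude. A single intval() keeps only
// the leading integer of such a list: intval("1,2,-5") is 1.

// "Before": the decoded request value goes into the SQL text unchanged.
function build_query_unsafe($raw) {
    return "SELECT post_id FROM example_post_category WHERE category_id IN ("
        . urldecode($raw) . ")";
}

// Split the value and keep only tokens that are an optional minus plus digits.
function normalize_cat_param($raw) {
    $ids = array('include' => array(), 'exclude' => array());
    if (!is_scalar($raw)) {
        return $ids;
    }
    $tokens = preg_split('/[,\s]+/', urldecode((string) $raw), -1, PREG_SPLIT_NO_EMPTY);
    foreach ($tokens as $token) {
        if (!preg_match('/^-?[0-9]{1,9}$/', $token)) {
            continue; // not an integer: never reaches the query
        }
        $id = intval($token);
        if ($id > 0) {
            $ids['include'][$id] = $id; // keyed by ID to drop duplicates
        } elseif ($id < 0) {
            $ids['exclude'][-$id] = -$id;
        }
    }
    return $ids;
}

// "After": the SQL text is assembled from validated integers only.
function build_query_safe($raw) {
    $ids = normalize_cat_param($raw);
    $where = array();
    if ($ids['include']) {
        $where[] = "category_id IN (" . implode(',', $ids['include']) . ")";
    }
    if ($ids['exclude']) {
        $where[] = "category_id NOT IN (" . implode(',', $ids['exclude']) . ")";
    }
    if (!$where) return null; // nothing valid was supplied
    return "SELECT post_id FROM example_post_category WHERE " . implode(' AND ', $where);
}

foreach (array('7', '1,2,-5', '3) injected-sql-here') as $sample) { // constructed inputs
    echo $sample, ' => ', var_export(build_query_safe($sample), true), "\n";
}
```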

