[wp-trac] Re: [WordPress Trac] #2769: Non-integer provided as page_id reveals a bug on pages list
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 2 07:17:33 GMT 2006
#2769: Non-integer provided as page_id reveals a bug on pages list
-------------------------+--------------------------------------------------
Id: 2769 | Status: assigned
Component: General | Modified: Fri Jun 2 07:17:33 2006
Severity: major | Milestone: 2.1
Priority: normal | Version: 2.1
Owner: markjaquith | Reporter: pcdinh
-------------------------+--------------------------------------------------
Changes (by markjaquith):
* component: Security => General
* severity: critical => major
* summary: Security implication: Sql injection on page_id reveals a bug on pages list => Non-integer provided as page_id reveals a bug on pages list
* status: new => assigned
* owner: anonymous => markjaquith
Comment:
It seems that if page_id is not an integer, it is removed from the query
altogether (latest trunk)
{{{
SELECT * FROM wp_posts WHERE (post_type = 'page' AND post_status =
'publish') ORDER BY post_title ASC
}}}
No SQL injection potential. Although, blank page_id should probably run a
front page query, not a query of all pages!
I'm taking away the "security" marking for this bug, because non-integer
data isn't being inserted into the query. In the future, if you think you've
identified a security issue, please send it to security at wordpress.org
--
Ticket URL: <http://trac.wordpress.org/ticket/2769>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
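The following is an added illustration, not code from WordPress or from this ticket: a small Python model of the behaviour markjaquith describes, in which `page_id` is kept only when it is an integer and otherwise dropped from the query, with the surviving value passed as a bound parameter rather than concatenated into the SQL. The `wp_posts` table and its rows are constructed here with only the columns the quoted query touches; `sanitize_page_id`, `build_pages_query`, `list_pages` and the `dropped` flag are assumed names for this example, not WordPress functions.

```python
import re
import sqlite3

# Constructed stand-in for wp_posts: (ID, post_title, post_type, post_status).
SAMPLE_ROWS = [
    (1, "Home", "page", "publish"),
    (2, "About", "page", "publish"),
    (3, "Draft page", "page", "draft"),
    (4, "Hello world", "post", "publish"),
]


def open_sample_db():
    """In-memory SQLite table with the columns the ticket's query uses."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_title TEXT, "
        "post_type TEXT, post_status TEXT)"
    )
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def sanitize_page_id(raw):
    """Return the page_id as an int if it is purely digits, else None.

    Assumption: this models the behaviour reported in the comment (a
    non-integer page_id is removed from the query altogether); it is not
    WordPress's own sanitisation code.
    """
    if raw is None:
        return None
    raw = str(raw).strip()
    if re.fullmatch(r"\d+", raw):
        return int(raw)
    return None


def build_pages_query(raw_page_id):
    """Build (sql, params, dropped).

    The untrusted value only ever travels in `params`; the SQL text itself
    never contains user input. `dropped` is True when a page_id was supplied
    but discarded, which is the case the ticket reports as surprising (the
    query then lists every published page).
    """
    page_id = sanitize_page_id(raw_page_id)
    supplied = raw_page_id is not None and str(raw_page_id).strip() != ""
    dropped = supplied and page_id is None

    sql = "SELECT * FROM wp_posts WHERE (post_type = 'page' AND post_status = 'publish')"
    params = ()
    if page_id is not None:
        sql += " AND ID = ?"
        params = (page_id,)
    sql += " ORDER BY post_title ASC"
    return sql, params, dropped


def list_pages(conn, raw_page_id):
    """Run the query and return the matching page titles in result order."""
    sql, params, _dropped = build_pages_query(raw_page_id)
    return [row[1] for row in conn.execute(sql, params)]


if __name__ == "__main__":
    db = open_sample_db()
    for value in ("2", "abc", "", None):
        sql, params, dropped = build_pages_query(value)
        print(repr(value), "->", list_pages(db, value), "dropped" if dropped else "")
```

Because the integer check happens before the SQL is assembled and the value is bound as a parameter, the query text for a non-integer input is identical to the query with no `page_id` at all, which is exactly what the comment observed: no injection, but a full page listing where a single page (or the front page) was expected. The `dropped` flag gives a place to log that case so the fall-through is visible rather than silent.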