[wp-trac] [WordPress Trac] #2751: Metavalues not properly escaped
before being inserted into the database
WordPress Trac
wp-trac at lists.automattic.com
Sun May 28 21:34:43 GMT 2006
#2751: Metavalues not properly escaped before being inserted into the database
----------------------------+-----------------------------------------------
Id: 2751 | Status: new
Component: Administration | Modified: Sun May 28 21:34:43 2006
Severity: normal | Milestone:
Priority: normal | Version: 2.0.2
Owner: anonymous | Reporter: joaocosta
----------------------------+-----------------------------------------------
Certain plugins use meta fields for specific purposes. When a post
containing these meta fields is saved, their content is not being escaped
and if the field contains special SQL characters, the result is a MySQL
error.
The place where this error occurs is in wp-includes/functions.php, line
433.
I patched mine by adding a call to $wpdb->escape before the metavalue is
inserted in the database.
--
Ticket URL: <http://trac.wordpress.org/ticket/2751>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list