[wp-trac] Re: [WordPress Trac] #4690: Wordpress options.php SQL Injection Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Wed Aug 1 18:12:21 GMT 2007
#4690: Wordpress options.php SQL Injection Vulnerability
-------------------------------------+--------------------------------------
Reporter: BenjaminFlesch | Owner: Nazgul
Type: defect | Status: assigned
Priority: high | Milestone: 2.3 (trunk)
Component: Security | Version: 2.2.1
Severity: major | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+--------------------------------------
Comment (by markjaquith):
Try that patch on for size. The issue here is that while add_option() and
update_option() expect the option name to be unescaped, get_option()
expects it to be pre-escaped. So we need to create a safe version of the
option name to use when add/update_option call get_option().
This is seriously messed up, and will be fixed properly in 2.4 (by making
ALL FUNCTIONS expect unescaped data).
--
Ticket URL: <http://trac.wordpress.org/ticket/4690#comment:5>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
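A small model of the contract mismatch the comment describes, added here as an illustration and not code from the ticket's patch or from WordPress: a SQLite-backed options table where the legacy get_option expects a pre-escaped name, add_option forwards an unescaped one, and the fix escapes a copy of the name first. The function names, the escape helper and the table are constructed stand-ins (SQLite doubles single quotes where MySQL uses backslash escaping, but the contract problem is the same).

```python
import sqlite3

# Constructed stand-in for the wp_options table (not WordPress code).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE options (option_name TEXT PRIMARY KEY, option_value TEXT)")


def escape(name: str) -> str:
    """Stand-in for the pre-escaping that 2.2.1's get_option() expected from callers."""
    return name.replace("'", "''")


def get_option_legacy(name_escaped: str):
    """2.2.1-style contract: the caller must pass a PRE-ESCAPED name."""
    sql = f"SELECT option_value FROM options WHERE option_name = '{name_escaped}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def add_option_buggy(name: str, value: str) -> bool:
    """Takes an UNESCAPED name but forwards it to get_option_legacy unchanged."""
    if get_option_legacy(name) is not None:  # raw name reaches the SQL string
        return False
    conn.execute("INSERT INTO options VALUES (?, ?)", (name, value))
    return True


def add_option_patched(name: str, value: str) -> bool:
    """The fix the comment describes: build a safe copy of the name for get_option."""
    if get_option_legacy(escape(name)) is not None:
        return False
    conn.execute("INSERT INTO options VALUES (?, ?)", (name, value))
    return True


def get_option_2_4(name: str):
    """The 2.4 direction: every function takes unescaped data and binds it as a parameter."""
    sql = "SELECT option_value FROM options WHERE option_name = ?"
    row = conn.execute(sql, (name,)).fetchone()
    return row[0] if row else None


def buggy_path_breaks(name: str) -> bool:
    """True when a quote in an unescaped name reaches the legacy query and breaks it."""
    try:
        add_option_buggy(name, "v")
        return False
    except sqlite3.OperationalError:
        return True
```

Note the mismatch cuts both ways: passing an already-escaped name to the parameterised get_option_2_4 looks up the wrong literal and finds nothing, which is why the comment wants one convention (unescaped everywhere) rather than per-function rules.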