[wp-trac] Re: [WordPress Trac] #5455: Charset SQL Injection Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 13 20:54:54 GMT 2007
#5455: Charset SQL Injection Vulnerability
-----------------------+----------------------------------------------------
Reporter: pishmishy | Owner: pishmishy
Type: defect | Status: assigned
Priority: normal | Milestone: 2.5
Component: Security | Version: 2.4
Severity: normal | Resolution:
Keywords: |
-----------------------+----------------------------------------------------
Comment (by ryan):
There are both mysql_set_charset() and mysqli_set_charset() flavors, I
believe. I think you have to have fairly recent versions of MySQL and PHP
for these things to work as they should. set_charset() is a necessity for
us.

It looks like Drupal uses mysql_real_escape_string() and SET NAMES without
using mysql_set_charset(). I wonder how they get away with that. I think
they upgrade their tables so that they are in UTF-8. Maybe they force
UTF-8 everywhere?
--
Ticket URL: <http://trac.wordpress.org/ticket/5455#comment:9>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
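
The following is an added example, not part of the original message and not WordPress or Drupal code. It is a small Python audit that flags the pattern the comment describes: a PHP code base that sets the connection charset only with a SET NAMES query while escaping with *_real_escape_string(), so the client library that does the escaping is never told the charset through a set_charset call. The function names `locate` and `audit` and the sample PHP sources are constructed for illustration; the check is a line-based heuristic and also matches commented-out calls.

```python
import re

# Calls named in the ticket comment, plus mysqli's object-oriented forms.
PATTERNS = {
    "set_names": re.compile(r"\bSET\s+NAMES\b", re.I),
    "set_charset": re.compile(
        r"\bmysqli?_set_charset\s*\(|->\s*set_charset\s*\(", re.I),
    "escape": re.compile(
        r"\bmysqli?_real_escape_string\s*\(|->\s*real_escape_string\s*\(", re.I),
}

def locate(files):
    """Map each pattern name to the (filename, line number) pairs where it occurs."""
    hits = {name: [] for name in PATTERNS}
    for filename, source in sorted(files.items()):
        for lineno, line in enumerate(source.splitlines(), 1):
            for name, pattern in PATTERNS.items():
                if pattern.search(line):
                    hits[name].append((filename, lineno))
    return hits

def audit(files):
    """Return the SET NAMES locations in a code base that escapes strings with
    *_real_escape_string but never calls a set_charset function; otherwise []."""
    hits = locate(files)
    if hits["escape"] and not hits["set_charset"]:
        return hits["set_names"]
    return []

# Constructed sample code bases (file name -> PHP source), not real project code.
QUERY_ONLY = {
    "db.php": "<?php\n$db = mysql_connect($h, $u, $p);\n"
              "mysql_query(\"SET NAMES 'utf8'\", $db);\n",
    "form.php": "<?php\n$name = mysql_real_escape_string($_GET['name'], $db);\n",
}
WITH_SET_CHARSET = {
    "db.php": "<?php\n$db = mysqli_connect($h, $u, $p, $n);\n"
              "mysqli_set_charset($db, 'utf8');\n",
    "form.php": "<?php\n$name = mysqli_real_escape_string($db, $_GET['name']);\n",
}

if __name__ == "__main__":
    for label, files in (("query only", QUERY_ONLY), ("set_charset", WITH_SET_CHARSET)):
        print(label, audit(files))
```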