[wp-trac] [WordPress Trac] #3722: Search string does not sanitize commas

WordPress Trac wp-trac at lists.automattic.com
Wed Jan 31 00:44:24 GMT 2007


#3722: Search string does not sanitize commas
----------------------+-----------------------------------------------------
 Reporter:  zippity   |       Owner:  anonymous
     Type:  defect    |      Status:  new      
 Priority:  normal    |   Milestone:  2.1.1    
Component:  Security  |     Version:  2.1      
 Severity:  normal    |    Keywords:           
----------------------+-----------------------------------------------------
 When entering a comma "," into the search function, you get the following
 error displayed at the top of the page:

 >>>>
 WordPress database error: [You have an error in your SQL syntax; check the
 manual that corresponds to your MySQL server version for the right syntax
 to use near ') AND ((post_status = 'publish' OR post_status = 'private'))
 ORDER BY post_dat' at line 1]
 SELECT SQL_CALC_FOUND_ROWS wp_posts.* FROM wp_posts WHERE 1=1 AND () AND
 ((post_status = 'publish' OR post_status = 'private')) ORDER BY post_date
 DESC LIMIT 0, 10
 >>>>
 Multiple commas produce the same result.
 If you enter anything in addition to the comma, it works fine.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3722>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
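
The failure mode reported above, as an added example that is not part of the ticket and is not WordPress source code: if a search-clause builder treats commas as separators, a comma-only search leaves zero terms, and an unguarded builder still emits the empty group `AND ()` seen in the error. The function names, the comma handling and the use of the post_title and post_content columns are assumptions made for this illustration.

```php
<?php
// Added illustration; not WordPress source. Function names and the
// comma-as-separator handling are assumptions made for this example.

/** Split a raw search string into terms, treating commas as separators. */
function search_terms(string $raw): array
{
    $parts = preg_split('/[\s,]+/', $raw, -1, PREG_SPLIT_NO_EMPTY);
    return $parts === false ? [] : $parts;
}

/** Unguarded: always emits the group, so zero terms yields "AND ()". */
function search_clause_unguarded(string $raw): array
{
    $conds = [];
    $params = [];
    foreach (search_terms($raw) as $term) {
        $conds[] = '(post_title LIKE ? OR post_content LIKE ?)';
        // Escape LIKE wildcards; the value itself is bound, never inlined.
        $like = '%' . addcslashes($term, '%_\\') . '%';
        array_push($params, $like, $like);
    }
    return [' AND (' . implode(' AND ', $conds) . ')', $params];
}

/** Guarded: no usable terms means no search clause at all. */
function search_clause_guarded(string $raw): array
{
    if (search_terms($raw) === []) {
        return ['', []];
    }
    return search_clause_unguarded($raw);
}

$tail = " AND ((post_status = 'publish' OR post_status = 'private'))"
      . ' ORDER BY post_date DESC LIMIT 0, 10';

foreach ([',', ',,,', 'security, patch'] as $input) {   // constructed inputs
    foreach (['search_clause_unguarded', 'search_clause_guarded'] as $fn) {
        [$clause, $params] = $fn($input);
        printf("%-24s %-18s %s\n", $fn, json_encode($input),
            'SELECT wp_posts.* FROM wp_posts WHERE 1=1' . $clause . $tail);
    }
}
```

For the inputs "," and ",,," the unguarded builder prints a statement containing `AND ()`, while the guarded builder omits the clause and the statement stays valid.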