[wp-trac] [WordPress Trac] #3722: Search string does not sanitize commas
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 31 00:44:24 GMT 2007
#3722: Search string does not sanitize commas
----------------------+-----------------------------------------------------
Reporter: zippity | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.1.1
Component: Security | Version: 2.1
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
When entering a comma "," into the search function, you get the following
error displayed at top of page:
>>>>
WordPress database error: [You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax
to use near ') AND ((post_status = 'publish' OR post_status = 'private'))
ORDER BY post_dat' at line 1]
SELECT SQL_CALC_FOUND_ROWS wp_posts.* FROM wp_posts WHERE 1=1 AND () AND
((post_status = 'publish' OR post_status = 'private')) ORDER BY post_date
DESC LIMIT 0, 10
>>>>
Multiple commas produce the same result.
If you enter anything in addition to the comma, it works fine.
--
Ticket URL: <http://trac.wordpress.org/ticket/3722>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
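
An added illustration (not part of the ticket and not WordPress source code) of one way a comma-only search can produce the `AND ()` shown in the error above, next to a guarded form that omits the group when no terms remain. It assumes the search string is split on whitespace and commas and that the per-term conditions are always wrapped in parentheses; all function names are hypothetical.

```php
<?php
// Added illustration, not WordPress source. The tokenizer and function names
// are assumptions; only the resulting "AND ()" shape comes from the ticket.

// Split a search string into terms; whitespace and commas are separators.
function split_terms(string $s): array {
    $terms = preg_split('/[\s,]+/', $s, -1, PREG_SPLIT_NO_EMPTY);
    return $terms === false ? [] : $terms;
}

// Unguarded builder: always wraps the conditions in " AND ( ... )".
// With zero terms the group is empty and the SQL is invalid.
function search_clause_unguarded(array $terms): array {
    $conds = [];
    $params = [];
    foreach ($terms as $t) {
        // Escape LIKE wildcards; the value itself is bound, never concatenated.
        $like = '%' . addcslashes($t, '\\%_') . '%';
        $conds[] = '((post_title LIKE ?) OR (post_content LIKE ?))';
        $params[] = $like;
        $params[] = $like;
    }
    return [' AND (' . implode(' AND ', $conds) . ')', $params];
}

// Guarded builder: no usable terms means no search group at all.
function search_clause_guarded(array $terms): array {
    if ($terms === []) {
        return ['', []];
    }
    return search_clause_unguarded($terms);
}

// Constructed inputs matching the cases described in the ticket.
foreach ([',', ',,,', 'foo,', 'foo bar'] as $input) {
    $terms = split_terms($input);
    [$bad]  = search_clause_unguarded($terms);
    [$good] = search_clause_guarded($terms);
    printf(
        "%-9s terms=%d\n  unguarded: WHERE 1=1%s\n  guarded:   WHERE 1=1%s\n",
        json_encode($input), count($terms), $bad, $good
    );
}
```

Separately from the empty-clause bug, the report shows the full SQL statement echoed to the page; database error text is better written to a server-side log than rendered to visitors.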