[wp-trac] Re: [WordPress Trac] #3722: DB error when sanitized
search string results in empty query
WordPress Trac
wp-trac at lists.automattic.com
Sat Mar 10 02:53:00 GMT 2007
#3722: DB error when sanitized search string results in empty query
-------------------------------------------------+--------------------------
Reporter: zippity | Owner: charleshooper
Type: defect | Status: closed
Priority: normal | Milestone: 2.1.2
Component: General | Version: 2.1
Severity: normal | Resolution: fixed
Keywords: has-patch needs-testing 2nd-opinion |
-------------------------------------------------+--------------------------
Comment (by charleshooper):
That's pretty annoying. Even without the fix there is no SQL injection
vulnerability there whatsoever. The error is caused by an empty set of
parenthesis. The keyword here is EMPTY.
I had spent a good deal of time making sure nothing could be passed to the
query string (before and after this fix,) but I guess all it takes to post
to a security mailing list is an email address.
--
Ticket URL: <http://trac.wordpress.org/ticket/3722#comment:11>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list