[wp-trac] [WordPress Trac] #6600: error in function gallery_shortcode (wp-includes/media.php)
WordPress Trac
wp-trac at lists.automattic.com
Sat Apr 5 11:19:34 GMT 2008
#6600: error in function gallery_shortcode (wp-includes/media.php)
---------------------+------------------------------------------------------
Reporter: mhubi | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.5.1
Component: General | Version: 2.5
Severity: major | Keywords:
---------------------+------------------------------------------------------
I found a wrong (escaped) parameter in the variable orderby on line 355 of
the file wp-includes/media.php:
{{{
$attachments = get_children("post_parent=$id&post_type=attachment&post_mime_type=image&orderby=\"{$orderby}\"");
}}}
The parameter is escaped, for example, like this:
{{{
post_parent=3&post_type=attachment&post_mime_type=image&orderby=\"menu_order ASC, ID ASC\"
}}}
----
My database returns an error on executing this query, which is generated
and run in wp-includes/post.php on line 475:
{{{
SELECT DISTINCT *
FROM wp_posts
WHERE 1=1 AND post_type = 'attachment' AND wp_posts.post_parent = 3 AND
(post_mime_type LIKE 'image/%')
GROUP BY wp_posts.ID ORDER BY \"menu_order ASC, ID ASC\" DESC
}}}
The database error is:
{{{
#1064 - You have an error in your SQL syntax;
check the manual that corresponds to your MySQL server version for the
right syntax to use near '\"menu_order ASC, ID ASC\" DESC' at line 1
}}}
I think the character \ is the problem.
----
I also found a workaround. Replace line 475 in wp-includes/post.php
{{{
$query .= " GROUP BY $wpdb->posts.ID ORDER BY " . $orderby . ' ' . $order;
}}}
with this line:
{{{
$query .= " GROUP BY $wpdb->posts.ID ORDER BY " . stripslashes($orderby) . ' ' . $order;
}}}
But I think this is a security risk.
Sorry for my bad English ;-)
--
Ticket URL: <http://trac.wordpress.org/ticket/6600>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
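The reporter's concern is that an ORDER BY clause built by string concatenation should not be "fixed" by merely unescaping the value. The following is an added example, not WordPress code and not the fix that shipped for this ticket: it validates a gallery `orderby` value such as `menu_order ASC, ID ASC` against a fixed allow-list of column names and directions before the value is concatenated into the query, so the backslash-escaped value from the ticket is rejected rather than passed to MySQL. The function name and the allowed column list are assumptions chosen for illustration.

```php
<?php
// Added example (not WordPress code): allow-list validation of an ORDER BY
// value before it is concatenated into SQL, as in post.php line 475 above.
// $allowed_columns is an assumption for illustration; a real list would be
// the exact set of columns the caller is permitted to sort by.
function validate_orderby(string $orderby, array $allowed_columns): ?string
{
    $clauses = [];
    foreach (explode(',', $orderby) as $clause) {
        // Each clause is "<column>" or "<column> <ASC|DESC>".
        $parts = preg_split('/\s+/', trim($clause), -1, PREG_SPLIT_NO_EMPTY);
        if (count($parts) < 1 || count($parts) > 2) {
            return null;
        }
        $column    = $parts[0];
        $direction = strtoupper($parts[1] ?? 'ASC');

        // Strict comparison against the allow-list: the escaped value
        // \"menu_order from the ticket is not an allowed column and fails here.
        if (!in_array($column, $allowed_columns, true)) {
            return null;
        }
        if ($direction !== 'ASC' && $direction !== 'DESC') {
            return null;
        }
        $clauses[] = $column . ' ' . $direction;
    }
    return $clauses ? implode(', ', $clauses) : null;
}

// Assumed allow-list for the gallery use case.
$allowed = ['menu_order', 'ID', 'post_date', 'post_title'];

// Constructed inputs: the intended value, the escaped value from the ticket,
// and a column that is not on the allow-list.
$cases = [
    'menu_order ASC, ID ASC',
    '\"menu_order ASC, ID ASC\"',
    'post_password DESC',
];

foreach ($cases as $case) {
    $safe = validate_orderby($case, $allowed);
    // Only a validated value is ever concatenated into the query.
    $sql = $safe === null
        ? 'rejected'
        : "SELECT * FROM wp_posts ORDER BY $safe";
    echo $case, ' => ', $sql, "\n";
}
```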