[wp-trac] [WordPress Trac] #11605: esc_sql does not escape sql, it just adds slashes
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 24 19:33:42 UTC 2009
#11605: esc_sql does not escape sql, it just adds slashes
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.9
Severity: normal | Keywords: has-patch
--------------------------+-------------------------------------------------
esc_sql has been introduced for completeness (esc_* named functions;
[11490]). Time has shown that next to the function naming game (offering
kind of an API without an API definition) nothing more has evolved since
then. So it's a fact that it does not properly escape SQL; it's just an
alias (one with many lines of code for such a thing) for addslashes, with
its meaning to add slashes.
The code can better reflect that with a simple change.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11605>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
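As an added illustration (not code from the ticket or from WordPress core): the PHP script below contrasts what addslashes() actually does with the character set a MySQL-aware escaper handles. The names addslashesEscape() and mysqlRef() are chosen here, and mysqlRef() is a constructed reference table of the characters mysql_real_escape_string() rewrites, used so the script runs without a database connection.

```php
<?php
// Added example: what "just adding slashes" covers, and what it leaves alone.

function addslashesEscape(string $value): string
{
    // What the ticket says esc_sql amounts to: PHP's addslashes().
    return addslashes($value);
}

function mysqlRef(string $value): string
{
    // Constructed reference: the characters mysql_real_escape_string()
    // rewrites for single-byte character sets. Not charset-aware, so even
    // this is not a replacement for prepared statements.
    return strtr($value, [
        "\0"   => '\\0',
        "\n"   => '\\n',
        "\r"   => '\\r',
        "\\"   => '\\\\',
        "'"    => "\\'",
        '"'    => '\\"',
        "\x1a" => '\\Z',
    ]);
}

// Constructed sample inputs.
$samples = [
    "O'Reilly",      // single quote: both functions escape it
    "a\\b",          // backslash: both functions escape it
    "line1\nline2",  // newline: addslashes() leaves it untouched
    "x\x1ay",        // Ctrl-Z: addslashes() leaves it untouched
];

foreach ($samples as $s) {
    $a = addslashesEscape($s);
    $m = mysqlRef($s);
    printf("%-18s addslashes=%-18s mysql=%-18s %s\n",
        json_encode($s), json_encode($a), json_encode($m),
        $a === $m ? 'same' : 'DIFFERS');
}
```

Either way, escaping a value and splicing it into the query text is the weaker pattern; $wpdb->prepare() with placeholders keeps the data out of the SQL string altogether.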