[wp-trac] [WordPress Trac] #11608: wpdb->prepare() is broken
WordPress Trac
wp-trac at lists.automattic.com
Fri Dec 25 00:24:48 UTC 2009
#11608: wpdb->prepare() is broken
-----------------------------+----------------------------------------------
Reporter: hakre | Owner: ryan
Type: feature request | Status: new
Priority: normal | Milestone: Future Release
Component: Database | Version: 2.9
Severity: normal | Keywords: has-patch dev-feedback
-----------------------------+----------------------------------------------
Changes (by dd32):
* keywords: needs-patch dev-feedback => has-patch dev-feedback
Comment:
> attachment 11608.diff added
* Avoid quoting pre-escaped placement holders
While that is a security risk, it's also pretty hard to exploit due to
vsprintf throwing its hands up at the mismatched arguments; some basic
sanitization of your input data would also help prevent it.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11608#comment:10>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
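Added illustration (not part of the ticket, and not WordPress's or dd32's code) of the behaviour the comment describes: a toy stand-in for wpdb::prepare() that quotes %s placeholders and hands the format string to vsprintf. The function name, the query text and the "x%s" input are constructed for the example, and addslashes() is assumed as a simplification of the real escaping. It shows why a placeholder smuggled in through the format string leaves vsprintf with mismatched arguments, and what the correct call looks like.

```php
<?php
// Toy re-implementation for illustration only; WordPress escapes through
// the database driver rather than addslashes(), and its prepare() does more.
function toy_prepare(string $query, array $args)
{
    // Undo a caller's own quoting, then quote every %s so values are strings.
    $query = str_replace("'%s'", '%s', $query);
    $query = str_replace('%s', "'%s'", $query);

    // Escape string arguments (simplified stand-in for the driver's escaping).
    $args = array_map(
        fn($a) => is_string($a) ? addslashes($a) : $a,
        $args
    );

    try {
        // PHP 7: returns false and emits a warning when directives outnumber
        // arguments; the @ keeps that warning quiet.
        $sql = @vsprintf($query, $args);
    } catch (\ValueError $e) {
        // PHP 8: the same mismatch is reported as a ValueError instead.
        return false;
    }
    return $sql;
}

// Constructed input: a value that happens to contain a placeholder.
$user_input = "x%s";

// Misuse: the value is interpolated into the format string, so the smuggled
// %s becomes a second directive with no matching argument and vsprintf
// refuses to build the query.
$broken = toy_prepare(
    "SELECT * FROM wp_posts WHERE post_name = '$user_input' AND post_status = %s",
    ['publish']
);
var_dump($broken);

// Correct use: the value travels as an argument, where it is only escaped
// and never parsed as a format directive.
$ok = toy_prepare(
    "SELECT * FROM wp_posts WHERE post_name = %s AND post_status = %s",
    [$user_input, 'publish']
);
echo $ok, "\n";
```

The first call returns false, which is the "throwing its hands up" the comment refers to: the query is never assembled, so the injected text does not reach the database, but the page request also fails. The second call yields a query in which the literal string 'x%s' appears as a quoted value. The lesson is the one dd32 hints at: pass every externally controlled value as a prepare() argument, never as part of the format string.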