[wp-trac] [WordPress Trac] #10041: like_escape() should escape backslashes too
WordPress Trac
wp-trac at lists.automattic.com
Fri Feb 5 03:48:36 UTC 2010
#10041: like_escape() should escape backslashes too
--------------------------------------------+-------------------------------
Reporter: miau_jp | Owner:
Type: defect (bug) | Status: reopened
Priority: low | Milestone: 3.0
Component: Formatting | Version: 2.8
Severity: minor | Resolution:
Keywords: has-patch early has-unit-tests |
--------------------------------------------+-------------------------------
Comment(by miqrogroove):
Yes of course. The problem is that quotes are unavoidable when discussing
slashes. Earlier, I was trying to explain to Mark the difference between
\% \\% \' and \\\' in LIKE values. Unfortunately, those last 2 examples
turned out to be identical, screwing up my point about the need to double-
escape slashes and percent chars.

In any case, the focus should be on how to implement stripslashes() and
escape/prepare so that the like_escape() function doesn't create
vulnerabilities.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10041#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
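
The ticket's point, as an added example that is not part of the original message or of WordPress core: a LIKE escaper that skips the backslash lets a backslash in user input pair with the next `%`, so the pattern matches something other than what the user typed. The helper names, table and sample rows are assumptions made for illustration; an in-memory SQLite database with an explicit `ESCAPE '\'` stands in for MySQL, whose default LIKE escape character is the backslash, and bound parameters handle the string-literal layer.

```php
<?php
// Added illustration: helper names are hypothetical, not WordPress core code.

// Escapes only the LIKE wildcards and leaves backslashes untouched.
function like_escape_wildcards_only(string $text): string {
    return addcslashes($text, '%_');
}

// Escapes the backslash as well, because it is the LIKE escape character.
function like_escape_with_backslash(string $text): string {
    return addcslashes($text, '%_\\');
}

// Prefix search: the user's text is LIKE-escaped, the trailing % is ours,
// and the finished pattern is bound as a parameter (never concatenated).
function find_prefix(PDO $db, callable $escape, string $input): array {
    $stmt = $db->prepare("SELECT title FROM posts WHERE title LIKE ? ESCAPE '\\' ORDER BY rowid");
    $stmt->execute([$escape($input) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (title TEXT)');
$insert = $db->prepare('INSERT INTO posts (title) VALUES (?)');
// Constructed sample rows.
foreach (['C:\\temp', 'C:\\windows', 'C:\\%', 'C:%'] as $title) {
    $insert->execute([$title]);
}

// Constructed user inputs: "C:\" and "C:\%", both meant literally.
foreach (['C:\\', 'C:\\%'] as $input) {
    foreach (['like_escape_wildcards_only', 'like_escape_with_backslash'] as $fn) {
        printf("%-28s %-5s pattern=%-9s => %s\n", $fn, $input, $fn($input) . '%',
            implode(', ', find_prefix($db, $fn, $input)) ?: '(no rows)');
    }
}
```

Compare the two result lines for each input: only the escaper that also handles the backslash returns the rows that literally start with what was typed.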