[wp-trac] [WordPress Trac] #11819: Use mysql_real_escape_string instead of addslashes
WordPress Trac
wp-trac at lists.automattic.com
Mon Feb 15 14:25:46 UTC 2010
#11819: Use mysql_real_escape_string instead of addslashes
-----------------------------------+----------------------------------------
 Reporter:  hakre                  |       Owner:  ryan
     Type:  defect (bug)           |      Status:  reopened
 Priority:  high                   |   Milestone:  3.0
Component:  Security               |     Version:  2.5
 Severity:  critical               |  Resolution:
 Keywords:  dev-feedback featured  |
-----------------------------------+----------------------------------------
Comment(by Denis-de-Bernardy):
@microgroove: not quite obsolete yet. addslashes_gpc() might also need to
be fixed.
It would be really sweet if this were fixed in WP 3.0. There's going to be
an increasing number of WPMU installs, and many may eventually be subject
to SQL injections because wpdb->escape() is a mere alias for addslashes().
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11819#comment:23>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software