[wp-trac] [WordPress Trac] #12281: Double Escaped Problem in wp_getComments
WordPress Trac
wp-trac at lists.automattic.com
Fri Feb 19 00:18:04 UTC 2010
#12281: Double Escaped Problem in wp_getComments
--------------------------+-------------------------------------------------
Reporter: josephscott     | Owner: josephscott
Type: defect (bug)        | Status: new
Priority: normal          | Milestone: 3.0
Component: XML-RPC        | Version:
Severity: normal          | Keywords: has-patch
--------------------------+-------------------------------------------------
The XML-RPC method wp.getComments uses the wp_getComment function to
gather up the individual comment details. It provides wp_getComment
with the already escaped version of blog_id, username, and password. The
wp_getComment function then escapes those values again. This causes a
problem if your password happens to have a single quote in it.

We need to pass the original, un-escaped, raw arguments to wp_getComment
so that they don't end up escaped twice. I've created a patch that keeps
a copy of $args in $raw_args and uses those when calling wp_getComment.

This is definitely a bug so I'd like to see it in 3.0. If we have another
2.9.x release it should probably go in there as well. I'm happy to put
together a 2.9.x specific patch if we do that.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12281>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
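
The double-escaping failure described in the ticket, as an added example that is not part of the original message and is not WordPress core code. It is a simplified model: escape_args(), check_login(), get_comment() and the two get_comments_*() functions are hypothetical stand-ins, addslashes() is assumed as the escaping step, and the credentials are constructed sample values.

```php
<?php
// Simplified model of the bug in the ticket; all function names are hypothetical.

const STORED_PASSWORD = "pa'ss"; // constructed sample password with a single quote

function escape_args(array $args): array {
    // Assumed escaping step: backslash-escape every argument.
    return array_map('addslashes', $args);
}

function check_login(string $user, string $escaped_pass): bool {
    // The login layer expects a value that was escaped exactly once.
    return $user === 'alice' && stripslashes($escaped_pass) === STORED_PASSWORD;
}

function get_comment(array $args): ?array {
    $args = escape_args($args);              // inner handler escapes its input
    [$blog_id, $user, $pass, $comment_id] = $args;
    if (!check_login($user, $pass)) {
        return null;                         // authentication failed
    }
    return ['comment_id' => $comment_id];
}

function get_comments_buggy(array $args, array $ids): array {
    $args = escape_args($args);              // outer handler escapes first
    [$blog_id, $user, $pass] = $args;
    // Bug: the already-escaped values are passed on and escaped a second time.
    return array_map(fn($id) => get_comment([$blog_id, $user, $pass, $id]), $ids);
}

function get_comments_fixed(array $args, array $ids): array {
    $raw_args = $args;                       // keep the un-escaped copy
    $args = escape_args($args);              // escaped copy for local use only
    // Fix: the inner handler receives the raw values and escapes them once.
    return array_map(
        fn($id) => get_comment([$raw_args[0], $raw_args[1], $raw_args[2], $id]),
        $ids
    );
}

$request = ['1', 'alice', "pa'ss"];          // constructed XML-RPC arguments
var_dump(addslashes(addslashes("pa'ss")));   // the value the buggy path checks
var_dump(get_comments_buggy($request, [7]));
var_dump(get_comments_fixed($request, [7]));
```

A password without quotes or backslashes passes through both paths unchanged, which is why the defect only surfaces for some users.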