[wp-trac] [WordPress Trac] #11779: SQL injection would be possible in ms-edit.php if it weren't for magic quotes
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 6 20:09:44 UTC 2010
#11779: SQL injection would be possible in ms-edit.php if it weren't for magic
quotes
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 3.0
Severity: critical | Keywords: multisite
-------------------------------+--------------------------------------------
Comment(by Denis-de-Bernardy):
See also #11774, #11775, #11776, #11777, #11778...
Basically, in this file, anything that can potentially be changed by
addslashes/stripslashes can lead to bugs and problems. The function that
is noted in #11771 is a completely incorrect means to fix this.
Re report: will do.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11779#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list