[wp-trac] [WordPress Trac] #11788: barely sanitized strings are put straight in the database in ms-site.php
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 6 21:07:58 UTC 2010
#11788: barely sanitized strings are put straight in the database in ms-site.php
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Multisite | Version: 3.0
Severity: normal | Keywords:
-------------------------------+--------------------------------------------
There arguably are magic quotes, but it's freaky scary to read things such
as:
{{{
$s = wp_specialchars( trim( $_GET[ 's' ] ) );
...
" AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE
'%{$s}%' ) ";
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11788>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
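
Added example (not from the ticket or from WordPress core): the search from the snippet above rewritten with bound parameters and LIKE-wildcard escaping, next to a check of what HTML escaping does to a quote character. It assumes PHP with the pdo_sqlite extension; PDO stands in for $wpdb, htmlspecialchars() with ENT_NOQUOTES stands in for wp_specialchars() (assumed to behave the same way by default), and the table rows, escape_like() and search_blogs() are constructed for illustration.

```php
<?php
// Added example: stand-alone sketch, not WordPress code. PDO with in-memory
// SQLite stands in for $wpdb; the table and rows are constructed sample data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE blogs (blog_id INTEGER PRIMARY KEY, domain TEXT, path TEXT)');
$pdo->exec("INSERT INTO blogs (domain, path) VALUES
    ('example.test', '/o''brien/'),
    ('example.test', '/50%_off/'),
    ('example.test', '/5000_offers/')");

// Escape LIKE metacharacters so the term is matched literally.
// strtr() replaces in one pass, so inserted backslashes are not escaped again.
function escape_like(string $term): string
{
    return strtr($term, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
}

// Hardened search: the term only ever reaches the database as a bound parameter.
function search_blogs(PDO $pdo, string $raw): array
{
    $pattern = '%' . escape_like(trim($raw)) . '%';
    $stmt = $pdo->prepare(
        "SELECT path FROM blogs
          WHERE domain LIKE :d ESCAPE '\\' OR path LIKE :p ESCAPE '\\'
          ORDER BY blog_id"
    );
    $stmt->execute([':d' => $pattern, ':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// HTML escaping targets a different output context: compare the term before
// and after to see whether the quote character was changed at all.
$term = "o'brien";
var_dump(htmlspecialchars($term, ENT_NOQUOTES) === $term);

// A term containing a quote is handled by parameter binding.
print_r(search_blogs($pdo, $term));

// A term containing % and _ is matched literally, not as wildcards.
print_r(search_blogs($pdo, '50%_off'));
```

Inside WordPress the same shape is available through $wpdb->prepare() together with $wpdb->esc_like().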