[wp-trac] [WordPress Trac] #11819: Use mysql_real_escape_string instead of addslashes (was: mysql_real_escape_string available now / PHP 4.3 are minimum system requirements since 2.9)
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 8 04:58:25 UTC 2010
#11819: Use mysql_real_escape_string instead of addslashes
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: new
Priority: high | Milestone: Unassigned
Component: Security | Version: 2.9.1
Severity: critical | Keywords: dev-feedback
--------------------------+-------------------------------------------------
Changes (by nacin):
* keywords: needs-patch => dev-feedback
* milestone: 2.9.2 => Unassigned
Comment:
We bumped MySQL to 4.1.2. We've been requiring PHP 4.3 since, I think, WP
2.5.
As the history shows (thanks for the kudos), whenever we've switched over
to real_escape, we've quickly reverted to addslashes(). I doubt the core
devs will want to attempt this again. At the very least, this belongs
nowhere near a maintenance release.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11819#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list