[wp-trac] [WordPress Trac] #12402: make addslashes_gpc() use addslashes() fix to use real_escape, rather than addslashes
WordPress Trac
wp-trac at lists.automattic.com
Fri Jul 2 06:09:38 UTC 2010
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Triage
Component: Security | Version: 3.0
Severity: normal | Keywords: has-patch needs-testing
-------------------------------+--------------------------------------------
Comment(by hakre):
Just to make bold what miqrogroove just wrote: Blindly using "real_escape"
does not help if there exists no function to revert it on the same data to
use decoded values on various places. Currently stripslashes() is used to
revert addslashes(). That won't work for real_escape() conceptually and
the whole codebase must be changed from stripslashes() -> real_unescape()
of which the latter is missing (!).
Related: #14169
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12402#comment:13>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
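
The round-trip problem the comment describes, as an added example that is not part of the original message or of WordPress: `emulated_real_escape()` and `emulated_real_unescape()` are hypothetical helpers that follow the escaping rules documented for mysql_real_escape_string() (an assumption, so the script runs without a database connection), and the sample values are constructed.

```php
<?php
// Added illustration; helper names are hypothetical, not WordPress functions.

// Emulates the documented mysql_real_escape_string() rules (assumption:
// default SQL mode, single-byte-safe input) so no DB connection is needed.
function emulated_real_escape(string $s): string {
    return strtr($s, [
        "\\"   => "\\\\",
        "\0"   => "\\0",
        "\n"   => "\\n",
        "\r"   => "\\r",
        "\x1a" => "\\Z",
        "'"    => "\\'",
        '"'    => '\\"',
    ]);
}

// The inverse the comment notes is missing: maps each escape sequence back.
function emulated_real_unescape(string $s): string {
    $map = ['0' => "\0", 'n' => "\n", 'r' => "\r", 'Z' => "\x1a"];
    return preg_replace_callback('/\\\\(.)/s', function ($m) use ($map) {
        return $map[$m[1]] ?? $m[1];
    }, $s);
}

// Constructed sample inputs.
$samples = [
    'quote'     => "O'Reilly",
    'backslash' => 'C:\\temp',
    'newline'   => "line1\nline2",
    'crlf'      => "a\r\nb",
    'ctrl-z'    => "x\x1ay",
];

foreach ($samples as $name => $v) {
    $a = stripslashes(addslashes($v)) === $v;            // current pairing
    $b = stripslashes(emulated_real_escape($v)) === $v;  // mismatched pairing
    $c = emulated_real_unescape(emulated_real_escape($v)) === $v;
    printf("%-10s addslashes/stripslashes=%s  real_escape/stripslashes=%s  real_escape/real_unescape=%s\n",
        $name, $a ? 'ok' : 'LOSSY', $b ? 'ok' : 'LOSSY', $c ? 'ok' : 'LOSSY');
}
```

stripslashes() drops the backslash but keeps the character after it, so an escaped newline, carriage return or Ctrl-Z comes back as the letter n, r or Z instead of the original byte.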