[wp-trac] [WordPress Trac] #16228: $wpdb->query and DROP TABLE

WordPress Trac wp-trac at lists.automattic.com
Fri Jan 14 10:54:36 UTC 2011


#16228: $wpdb->query and DROP TABLE
--------------------------+-----------------------------
 Reporter:  elfin         |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Database      |    Version:  3.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 Using the shiny new admin Debug Bar plugin I noticed an issue on a plugin
 uninstall.

 1. WARNING: E:\htdocs\wpbeta\wp-includes\wp-db.php:1120 -
 mysql_num_fields() expects parameter 1 to be resource, boolean given
 2. WARNING: E:\htdocs\wpbeta\wp-includes\wp-db.php:1125 -
 mysql_fetch_object(): supplied argument is not a valid MySQL result
 resource
 3. WARNING: E:\htdocs\wpbeta\wp-includes\wp-db.php:1130 -
 mysql_free_result() expects parameter 1 to be resource, boolean given

 Looking at line 1110 of wp-db.php I see this line:
 {{{
 if ( preg_match( "/^\\s*(insert|delete|update|replace|alter) /i", $query ) ) {
 }}}
 Adding in drop to the mix like this:
 {{{
 if ( preg_match( "/^\\s*(insert|delete|update|replace|alter|drop) /i", $query ) ) {
 }}}

 does seem to fix it, but I am unaware of the security issues associated.
 It should be noted that this error does not appear on the page, or in the
 debug.log despite having the following set:

 {{{
 define('WP_DEBUG', true);
 define( 'WP_DEBUG_LOG', true );
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16228>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
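
As an added illustration (not part of the ticket and not WordPress core code), this PHP example runs the two patterns quoted in the ticket over constructed statements to show which ones fall through to the branch that reads a result set. The function names `classify_query` and `has_rows` and the table name `wp_demo` are hypothetical.

```php
<?php
// Added example, not WordPress core code. The two patterns are copied from the
// ticket; the sample statements and function names are constructed.

const PATTERN_ORIGINAL = "/^\\s*(insert|delete|update|replace|alter) /i";
const PATTERN_PROPOSED = "/^\\s*(insert|delete|update|replace|alter|drop) /i";

/**
 * Returns 'affected-rows' when the pattern treats the statement as a write,
 * otherwise 'result-set', i.e. the branch that reads rows from the result.
 */
function classify_query( string $pattern, string $query ): string {
    return preg_match( $pattern, $query ) ? 'affected-rows' : 'result-set';
}

/** Guard for the result-set branch: statements with no rows return a boolean. */
function has_rows( $result ): bool {
    return ! is_bool( $result );
}

$samples = array(
    "INSERT INTO wp_demo VALUES (1)",
    "DROP TABLE wp_demo",
    "  drop table wp_demo",
    "DROP\tTABLE wp_demo",           // tab instead of a space after the keyword
    "CREATE TABLE wp_demo (id INT)",
    "TRUNCATE TABLE wp_demo",
    "SELECT * FROM wp_demo",
);

foreach ( $samples as $sql ) {
    printf(
        "%-34s original=%-13s proposed=%s\n",
        json_encode( $sql ),
        classify_query( PATTERN_ORIGINAL, $sql ),
        classify_query( PATTERN_PROPOSED, $sql )
    );
}

// A statement such as DROP TABLE yields a boolean from the driver rather than
// a result handle, so the result-set branch should check before fetching.
var_dump( has_rows( true ) );
```

Both patterns require a literal space after the keyword, so the tab-separated `DROP` still lands in the result-set branch, as do `CREATE` and `TRUNCATE`; a type check on the result covers those cases without extending the keyword list.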

