[wp-trac] [WordPress Trac] #16228: $wpdb->query and DROP TABLE
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 14 10:54:36 UTC 2011
#16228: $wpdb->query and DROP TABLE
--------------------------+-----------------------------
Reporter: elfin | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Database | Version: 3.1
Severity: normal | Keywords:
--------------------------+-----------------------------
Using the shiny new admin Debug Bar plugin I noticed an issue on a plugin
uninstall.
1. WARNING: E:\htdocs\wpbeta\wp-includes\wp-db.php:1120 -
mysql_num_fields() expects parameter 1 to be resource, boolean given
2. WARNING: E:\htdocs\wpbeta\wp-includes\wp-db.php:1125 -
mysql_fetch_object(): supplied argument is not a valid MySQL result
resource
3. WARNING: E:\htdocs\wpbeta\wp-includes\wp-db.php:1130 -
mysql_free_result() expects parameter 1 to be resource, boolean given
looking at line 1110 of wp-db.php I see this line:
{{{
if ( preg_match( "/^\\s*(insert|delete|update|replace|alter) /i", $query )
) {
}}}
adding in drop to the mix like this:
{{{
if ( preg_match( "/^\\s*(insert|delete|update|replace|alter|drop) /i",
$query ) ) {
}}}
does seem to fix it, but I am unaware of the security issues associated.
It should be noticed that this error does not appear on page, or in the
debug.log despite having the following set:
{{{
define('WP_DEBUG', true);
define( 'WP_DEBUG_LOG', true );
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16228>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list