[wp-trac] [WordPress Trac] #20489: PCI Compliance/Wordpress SQL Injection Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Thu Apr 19 15:39:13 UTC 2012
#20489: PCI Compliance/Wordpress SQL Injection Vulnerability
--------------------------+----------------------
Reporter: txfright | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version:
Severity: normal | Resolution: invalid
Keywords: |
--------------------------+----------------------
Changes (by scribu):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
The fix is to use `the_search_query()` instead of
`echo get_query_var('s')` in your theme. You can see an example in the bundled
Twentyeleven theme.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/20489#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
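
A way to locate the pattern named in the comment above across a theme's templates, given as an added example that is not part of the ticket or of WordPress: `the_search_query()` escapes the search term before printing it, while a bare `echo get_query_var('s')` does not, so the scanner reports output statements that print `get_query_var('s')` without an escaping wrapper. The function name, the list of accepted wrappers and the sample file contents are constructed for illustration.

```python
import re

# get_query_var('s') with either quote style and optional inner spacing.
CALL = re.compile(r"""get_query_var\(\s*['"]s['"]\s*\)""")
# PHP constructs that send a value to the page.
OUTPUT = re.compile(r"(?:\becho\b|\bprint\b|<\?=)")
# Assumed list of wrappers treated as safe when they directly enclose the call.
ESCAPED = re.compile(r"(?:esc_html|esc_attr|esc_textarea|htmlspecialchars)\(\s*$")


def find_raw_search_echo(files):
    """Return (filename, line_no, line) for each unescaped output of the 's' query var.

    Heuristic and line-based: a statement split over several lines is not seen.
    """
    findings = []
    for name, text in files.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            out = OUTPUT.search(line)
            if not out:
                continue  # value is assigned or passed on, not printed here
            for call in CALL.finditer(line, out.end()):
                if not ESCAPED.search(line[:call.start()]):
                    findings.append((name, line_no, line.strip()))
                    break  # one finding per line is enough
    return findings


# Constructed sample theme files (not taken from any real theme).
SAMPLE_THEME = {
    "search.php": "<h1>Results for: <?php echo get_query_var('s'); ?></h1>\n",
    "searchform.php": '<input name="s" value="<?php the_search_query(); ?>" />\n',
    "header.php": "<title><?php echo esc_html( get_query_var( 's' ) ); ?></title>\n"
                  "<p><?= 'You searched: ' . get_query_var(\"s\") ?></p>\n",
    "functions.php": "<?php $term = get_query_var('s');\n",
}

if __name__ == "__main__":
    for name, line_no, line in find_raw_search_echo(SAMPLE_THEME):
        print(f"{name}:{line_no}: {line}")
```
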