[wp-trac] [WordPress Trac] #25775: WP_Date_Query table prefixing

WordPress Trac noreply at wordpress.org
Tue Oct 7 23:24:07 UTC 2014


#25775: WP_Date_Query table prefixing
-------------------------------------+------------------
 Reporter:  ew_holmes                |       Owner:
     Type:  defect (bug)             |      Status:  new
 Priority:  normal                   |   Milestone:  4.1
Component:  Query                    |     Version:  3.7
 Severity:  major                    |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+------------------

Comment (by boonebgorges):

 nacin, Viper007Bond - Thanks, guys. You're right.

 So, the current state of affairs is that we check column names against a
 whitelist, but the whitelist is filtered, and no sanitization happens
 after that. So a plugin author could do damage by using this filter, but
 of course an installed plugin can do all sorts of damage. In the name of
 being conservative, [attachment:25775.3.patch] improves the current
 situation by stripping
 [http://dev.mysql.com/doc/refman/5.0/en/identifiers.html forbidden
 characters] from column names - even those added to the whitelist via
 filter.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25775#comment:36>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list