[wp-trac] [WordPress Trac] #25775: WP_Date_Query table prefixing
WordPress Trac
noreply at wordpress.org
Tue Oct 7 23:24:07 UTC 2014
#25775: WP_Date_Query table prefixing
-------------------------------------+------------------
Reporter: ew_holmes | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.1
Component: Query | Version: 3.7
Severity: major | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+------------------
Comment (by boonebgorges):
nacin, Viper007Bond - Thanks, guys. You're right.
So, the current state of affairs is that we check column names against a
whitelist, but the whitelist is filtered, and no sanitization happens
after that. So a plugin author could do damage by using this filter, but
of course an installed plugin can do all sorts of damage. In the name of
being conservative, [attachment:25775.3.patch] improves the current
situation by stripping
[http://dev.mysql.com/doc/refman/5.0/en/identifiers.html forbidden
characters] from column names - even those added to the whitelist via
filter.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25775#comment:36>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list