[wp-trac] [WordPress Trac] #34222: Impossible to correctly make a REGEXP meta query's value safe from untrusted input
WordPress Trac
noreply at wordpress.org
Fri Oct 9 17:06:06 UTC 2015
#34222: Impossible to correctly make a REGEXP meta query's value safe from
untrusted input
--------------------------+------------------------------
Reporter: johnbillion | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version:
Severity: normal | Resolution:
Keywords: dev-feedback | Focuses:
--------------------------+------------------------------
Comment (by boonebgorges):
In my testing, I'm seeing the same SQL as you're reporting. But the SQL is
correctly matching posts. As far as I can see, in `WHERE meta_value REGEXP
'^\\$100'`, MySQL interprets the first slash as escaping the second one as
a literal slash, and it then interprets the literal slash as escaping the
`$`, which inside of a `REGEXP` means that it's not parsed as a regex
special character. See attached screenshot.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34222#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
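A worked model of the two decoding layers the comment describes, added here as an illustration (not code from WordPress, MySQL or the ticket's participants). It uses Python's `re` module as a stand-in for MySQL's regex engine and models only the backslash handling of a single-quoted literal under MySQL's default sql_mode (the reasoning breaks if NO_BACKSLASH_ESCAPES is set):

```python
import re

# Layer 1: MySQL's single-quoted string literal parser.
# Layer 2: the regex engine, which only ever sees layer 1's output.
# Python's re stands in for MySQL's engine; adequate for anchors and literals.

def sql_literal_unescape(body: str) -> str:
    """Decode the body of a MySQL single-quoted literal (simplified model:
    a backslash protects the next character; named escapes such as \\n,
    \\t, \\0, \\% and \\_ are omitted because they play no role here)."""
    out, i = [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            out.append(body[i + 1])   # \\ -> \ ,  \' -> ' ,  \$ -> $
            i += 2
        else:
            out.append(body[i])
            i += 1
    return "".join(out)

def regexp_matches(sql_literal_body: str, meta_value: str) -> bool:
    """Model `WHERE meta_value REGEXP '<sql_literal_body>'`."""
    pattern = sql_literal_unescape(sql_literal_body)  # what the engine sees
    return re.search(pattern, meta_value) is not None

def regexp_operand_from_untrusted(user_input: str) -> str:
    """Build the literal body for an untrusted value in the reverse order of
    decoding: escape regex metacharacters first (for layer 2), then escape
    for the SQL string literal (for layer 1): backslashes doubled, quotes
    protected."""
    regex_safe = re.escape(user_input)          # "$100" -> "\$100"
    return regex_safe.replace("\\", "\\\\").replace("'", "\\'")

if __name__ == "__main__":
    # The literal from the ticket, '^\\$100': layer 1 yields ^\$100, and
    # layer 2 reads \$ as a literal dollar, so "$100..." values match.
    print(regexp_matches(r"^\\$100", "$100 off"))   # True
    print(regexp_matches(r"^\\$100", "100 off"))    # False
    # With a single backslash, layer 1 consumes it and leaves ^$100: two
    # anchors followed by text, which can never match anything.
    print(regexp_matches(r"^\$100", "$100 off"))    # False
    # Constructed untrusted input, escaped in the right order:
    body = "^" + regexp_operand_from_untrusted("$100")
    print(body, regexp_matches(body, "$100 off"))   # ^\\$100 True
```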