[wp-trac] [WordPress Trac] #35370: wp-activate.php use unfilter value in database query
WordPress Trac
noreply at wordpress.org
Sun Jan 24 00:47:04 UTC 2016
#35370: wp-activate.php use unfilter value in database query
----------------------------+----------------------
Reporter: alifamoorzadeh | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 4.4.1
Severity: normal | Resolution: invalid
Keywords: | Focuses:
----------------------------+----------------------
Description changed by SergeyBiryukov:
Old description:
> hello
> in file "wp-activate.php" lines:
> 86: $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
> 87: $result = wpmu_activate_signup( $key );
>
> passed user input value to wpmu_activate_signup function without filter
> then this function use value in db query.
New description:
hello
in file "wp-activate.php" lines:
{{{
86: $key = !empty($_GET['key']) ? $_GET['key'] : $_POST['key'];
87: $result = wpmu_activate_signup( $key );
}}}
passed user input value to wpmu_activate_signup function without filter
then this function use value in db query.
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35370#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list