[wp-trac] [WordPress Trac] #32315: $wpdb->insert fails without error msg
WordPress Trac
noreply at wordpress.org
Sun Oct 30 03:43:38 UTC 2016
#32315: $wpdb->insert fails without error msg
------------------------------------------+------------------------------
Reporter: dlt101 | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Database | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+------------------------------
Comment (by dd32):
> I think it should just fail and return an error. Truncating values
somehow introduced a security problem, which is how this secure-but-
unhelpful code was introduced in the first place (see my earlier comment
where I pointed to the security release where this bug was introduced and
the exact commit). Right @pento ?
Correct. Silently truncating data as it goes into a Database can very
easily cause a security vulnerability (as strange as it seems).
We should add an error message, but `wpdb` should continue to abort.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32315#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list