[wp-trac] [WordPress Trac] #41925: Bring back, support and document %1$s support in wpdb->prepare
WordPress Trac
noreply at wordpress.org
Wed Sep 20 19:38:27 UTC 2017
#41925: Bring back, support and document %1$s support in wpdb->prepare
-------------------------+----------------------
Reporter: soulseekah | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Database | Version:
Severity: normal | Resolution: wontfix
Keywords: | Focuses:
-------------------------+----------------------
Comment (by soulseekah):
I deduce that the secret test case that is mentioned is actually:
{{{#!php
$wpdb->prepare( 'SELECT * FROM wp_posts WHERE ID = %1$%s', '1 OR 1=1' );
}}}
Which does in fact bring out an injection that my patch does not address.
It is a typo (syntax error) but the expected replacement after sprintf()
would need to be "$'1 OR 1=1'" in that part, I believe. Continuing to work
on the patch. Let's see if we can make it work.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/41925#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
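The defensive check this thread circles around, as an added example that is neither WordPress code nor the reporter's patch: a placeholder validator that accepts only the documented %s/%d/%f forms plus positional %1$s variants, rejects a malformed format such as %1$%s before any argument is substituted, and a small substitution routine that casts %d/%f arguments and quotes %s ones. The grammar, the escaping scheme and the function names are assumptions.

```python
import re
# Placeholder grammar accepted here: %%, %s, %d, %f, %F and positional %1$s, %2$d, ...
# (an assumption modelled on the set wpdb::prepare documents; not WordPress code).
PLACEHOLDER = re.compile(r'%(?:%|(?:(?P<pos>[1-9]\d*)\$)?(?P<conv>[sdfF]))')
def check_placeholders(query):
    """Return (ok, problems): every '%' must begin a well-formed placeholder;
    anything else (e.g. the '%1$%s' typo) is reported with its offset."""
    problems, i = [], 0
    while (i := query.find('%', i)) != -1:
        m = PLACEHOLDER.match(query, i)
        if m is None:
            problems.append((i, query[i:i + 5]))
            i += 1
        else:
            i = m.end()
    return (not problems, problems)
def safe_prepare(query, *args):
    """Interpolate args only if the format is well-formed: %d/%f are cast, %s is
    quoted and backslash-escaped (a stand-in for driver-level escaping)."""
    ok, problems = check_placeholders(query)
    if not ok:
        raise ValueError(f"malformed placeholder(s): {problems}")
    spec = [m for m in PLACEHOLDER.finditer(query) if m.group('conv')]
    positional = [m for m in spec if m.group('pos')]
    if positional and len(positional) != len(spec):
        raise ValueError("do not mix positional and sequential placeholders")
    needed = max(int(m.group('pos')) for m in positional) if positional else len(spec)
    if needed != len(args):
        raise ValueError(f"query needs {needed} argument(s), got {len(args)}")
    counter = iter(range(len(args)))
    def substitute(m):
        if m.group(0) == '%%':
            return '%'
        idx = int(m.group('pos')) - 1 if m.group('pos') else next(counter)
        val, conv = args[idx], m.group('conv')
        if conv == 'd':
            return str(int(val))  # non-numeric input such as '1 OR 1=1' raises ValueError
        if conv in 'fF':
            return repr(float(val))
        escaped = str(val).replace('\\', '\\\\').replace("'", "\\'")
        return f"'{escaped}'"
    return PLACEHOLDER.sub(substitute, query)
def is_rejected(query, *args):
    try:
        safe_prepare(query, *args)
        return False
    except ValueError:
        return True
```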