[wp-trac] [WordPress Trac] #44861: equals sign in WordPress Gutenberg post triggers SQL injection attack on Server
WordPress Trac
noreply at wordpress.org
Fri Aug 31 05:59:18 UTC 2018
#44861: equals sign in WordPress Gutenberg post triggers SQL injection attack on Server
-------------------------------------+----------------------
 Reporter:  jamesfroggatt            |       Owner:  (none)
     Type:  defect (bug)             |      Status:  closed
 Priority:  normal                   |   Milestone:
Component:  Editor                   |     Version:  4.9.8
 Severity:  normal                   |  Resolution:  invalid
 Keywords:  reporter-feedback close  |     Focuses:
-------------------------------------+----------------------
Changes (by SergeyBiryukov):
* keywords: needs-patch needs-screenshots reporter-feedback close => reporter-feedback close
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Hi @jamesfroggatt, welcome to WordPress Trac! Thanks for the report.
> I have a feeling that in the wordpress code, the = symbol is not 'escaped'
Right, but it's perfectly fine to use in post content, so I don't see why
it should be escaped.
It looks like the symbol triggers some overzealous security rule on your
server. Please try the support forums for troubleshooting:
http://wordpress.org/support/.
Related: #25564, #25736, #32571.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44861#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
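The point made in the comment above is that an equals sign in post content is ordinary data: when the content reaches the database through a parameterised query it cannot change the query, so there is nothing to escape, and a filter that blocks it is producing a false positive. The following is an added illustration, not code from WordPress or from this ticket. Python's sqlite3 stands in for WordPress's PHP/MySQL stack; `SAMPLE_POST` and the `NAIVE_RULE` pattern are constructed for the example, and `naive_rule_flags`, `store_and_fetch` and `find_post_id` are hypothetical helper names.

```python
import re
import sqlite3
from typing import Optional, Tuple

# Constructed sample post content: ordinary prose that happens to contain "=".
SAMPLE_POST = "Set the ratio a = b, then check that 1=1 holds for your config."

# A naive, overzealous rule of the kind a server-side filter might apply:
# treat any "word = word" comparison as a possible SQL injection attempt.
# Applied to a post body, it blocks legitimate text (a false positive).
NAIVE_RULE = re.compile(r"\b\w+\s*=\s*\w+\b")


def naive_rule_flags(content: str) -> bool:
    """Return True if the simplistic pattern rule would block this content."""
    return NAIVE_RULE.search(content) is not None


def _fresh_db() -> sqlite3.Connection:
    """Create an in-memory table shaped loosely like a posts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE posts (id INTEGER PRIMARY KEY, post_content TEXT NOT NULL)"
    )
    return conn


def store_and_fetch(content: str) -> Tuple[str, int]:
    """Store post content with a bound parameter and read it back unchanged.

    Returns (stored_content, row_count). Because the content is bound with a
    placeholder rather than concatenated into the SQL text, the "=" characters
    (and anything else in the string) arrive as data only.
    """
    conn = _fresh_db()
    conn.execute("INSERT INTO posts (post_content) VALUES (?)", (content,))
    stored = conn.execute("SELECT post_content FROM posts").fetchone()[0]
    count = conn.execute("SELECT COUNT(*) FROM posts").fetchone()[0]
    conn.close()
    return stored, count


def find_post_id(content: str) -> Optional[int]:
    """Look a post up by its exact content, again via a bound parameter.

    The "=" in the SQL is the comparison operator; the "=" inside the bound
    value is just part of the string being compared. The two never mix.
    """
    conn = _fresh_db()
    conn.execute("INSERT INTO posts (post_content) VALUES (?)", (content,))
    row = conn.execute(
        "SELECT id FROM posts WHERE post_content = ?", (content,)
    ).fetchone()
    conn.close()
    return row[0] if row else None


if __name__ == "__main__":
    print("naive rule blocks the post:", naive_rule_flags(SAMPLE_POST))
    stored, count = store_and_fetch(SAMPLE_POST)
    print("stored verbatim:", stored == SAMPLE_POST, "rows:", count)
    print("found by exact content, id:", find_post_id(SAMPLE_POST))
```

Running it shows the two halves of the argument side by side: the pattern rule flags the harmless sample, while the database layer stores and retrieves the same text verbatim with no effect on the queries. The practical fix for a site hitting this is to tune the server-side rule (for example, by not applying generic comparison-operator patterns to post bodies) rather than to escape characters that parameter binding already renders inert.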