[wp-trac] [WordPress Trac] #36342: No check to validate supplied author in export_wp()
WordPress Trac
noreply at wordpress.org
Mon Jan 15 18:34:24 UTC 2018
#36342: No check to validate supplied author in export_wp()
---------------------------------+------------------------------
Reporter: theMikeD | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Export | Version: 3.1
Severity: normal | Resolution:
Keywords: 4.6-early has-patch | Focuses:
---------------------------------+------------------------------
Changes (by Mte90):
* keywords: 4.6-early needs-patch => 4.6-early has-patch
Comment:
We used this ticket for the Italian core-help meeting for a live coding session.
After an analysis we saw that
https://codex.wordpress.org/Class_Reference/wpdb#Protect_Queries_Against_SQL_Injection_Attacks
`prepare` already sanitizes the data.
Also, there were other parameters that weren't sanitized. In any case, we
weren't sure if this ticket is still valid, but it was an easy, interesting
example of how to do a patch.
So if the patch is still valid, we're done; otherwise we had fun and
learned more about the process (and this ticket can be closed) :-)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36342#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform