[wp-trac] [WordPress Trac] #36342: No check to validate supplied author in export_wp()
WordPress Trac
noreply at wordpress.org
Wed Jan 16 01:51:02 UTC 2019
#36342: No check to validate supplied author in export_wp()
--------------------------+-----------------------------
Reporter: theMikeD | Owner: SergeyBiryukov
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Export | Version: 3.1
Severity: normal | Resolution: wontfix
Keywords: has-patch | Focuses:
--------------------------+-----------------------------
Changes (by pento):
* status: reviewing => closed
* resolution: => wontfix
* milestone: 5.1 =>
Comment:
The issue isn't that `esc_sql()` needs to be run on these arguments, it's
that `wp_export()` doesn't check if the author exists before adding it to
the query.
I don't think it's really necessary, if they attempt to export an author
that doesn't exist (or doesn't have any posts), it'll just return an empty
export.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36342#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list