[wp-trac] [WordPress Trac] #49705: Sanitizing input for parameterized queries + update_meta_cache
WordPress Trac
noreply at wordpress.org
Thu Mar 26 13:52:36 UTC 2020
#49705: Sanitizing input for parameterized queries + update_meta_cache
-------------------------------------------------+-------------------------
Reporter: classicalrehan | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version: 5.3.2
Severity: critical | Keywords:
Focuses: rest-api, performance, coding-standards |
-------------------------------------------------+-------------------------
**So, should we just pass anything we get straight to the database?**
There are definitely things you can check about user input, but this is highly context-dependent. Because sanitization is ill-defined and misused, I prefer to call this validation.
I checked the WordPress core function, which is not sanitized even though this is one of the most used functions across WordPress.
In the code below, get_results is called with no prepared statement. I don't know the reason why.
{{{
$meta_list = $wpdb->get_results(
	"SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list) ORDER BY $id_column ASC",
	ARRAY_A
);
}}}
This function should be something like this:
{{{
// Assumes $id_list is the array of IDs; core currently joins the IDs into a
// comma-separated string, which would have to be kept as an array for this.
$id_list_sanity = implode( ', ', array_fill( 0, count( $id_list ), '%d' ) );
// One %d placeholder per ID; $wpdb->prepare() accepts the array as its
// argument list. Ordering kept as ASC to match the existing query.
$meta_list = $wpdb->get_results(
	$wpdb->prepare(
		"SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($id_list_sanity) ORDER BY $id_column ASC",
		$id_list
	),
	ARRAY_A
);
}}}
Function Name: update_meta_cache
File: wp-includes/meta.php
Line: #825
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49705>
WordPress Trac <https://core.trac.wordpress.org/>
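The parameterized lookup the ticket asks for, written out as an added example (this is not WordPress core code and not the reporter's patch; the function name `example_fetch_meta_rows` and its `$meta_type` / `$ids` inputs are assumed). It goes one step beyond the ticket's snippet: because `$wpdb->prepare()` can bind values but not table or column names, those are derived from the meta type through core helpers instead of being interpolated from caller input.

```php
<?php
// Added example, not core code: fetch meta rows for a set of object IDs
// with every ID bound through a %d placeholder.
function example_fetch_meta_rows( $meta_type, array $ids ) {
	global $wpdb;

	// Identifiers cannot be bound as parameters, so derive them from the
	// meta type via core helpers rather than trusting a caller-supplied string.
	$table = _get_meta_table( $meta_type );   // e.g. $wpdb->postmeta, or false
	if ( ! $table ) {
		return array();
	}
	$column = sanitize_key( $meta_type . '_id' ); // e.g. "post_id"

	// Cast every ID to int and drop anything that is not a positive integer.
	$ids = array_filter(
		array_map( 'intval', $ids ),
		function ( $id ) {
			return $id > 0;
		}
	);
	if ( empty( $ids ) ) {
		return array();
	}

	// One %d placeholder per ID; prepare() accepts the array as its argument list.
	$placeholders = implode( ', ', array_fill( 0, count( $ids ), '%d' ) );
	$sql = $wpdb->prepare(
		"SELECT $column, meta_key, meta_value FROM $table WHERE $column IN ($placeholders) ORDER BY $column ASC",
		array_values( $ids )
	);

	return $wpdb->get_results( $sql, ARRAY_A );
}
```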