[wp-trac] [WordPress Trac] #52506: Add escaping method for table names in SQL queries
WordPress Trac
noreply at wordpress.org
Wed Jul 20 18:09:29 UTC 2022
#52506: Add escaping method for table names in SQL queries
-------------------------------------------------+-------------------------
Reporter: tellyworth | Owner: davidbaumwald
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 6.1
Component: Database | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch has-unit-tests early commit needs-dev-note needs-docs | Focuses:
-------------------------------------------------+-------------------------
Comment (by iandunn):
Kudos for all the great work here!
Since WPDB vulnerabilities are especially painful to fix, it may be good
to ask for some extra attention on this during the beta period. e.g.,
[https://docs.hackerone.com/programs/message-hackers.html emailing our HackerOne participants]
with a link to this ticket, and a reminder that
[https://make.wordpress.org/security/2019/02/13/doubling-bounties-for-vulnerabilities-discovered-before-release/ bounties are doubled if they report a bug before it launches to users].
cc @hellofromtonya, @ehtis, @peterwilsoncc
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52506#comment:38>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform