[wp-trac] [WordPress Trac] #52506: Add escaping method for table names in SQL queries

WordPress Trac noreply at wordpress.org
Wed Jul 20 18:09:29 UTC 2022

#52506: Add escaping method for table names in SQL queries
 Reporter:  tellyworth                           |       Owner:
                                                 |  davidbaumwald
     Type:  defect (bug)                         |      Status:  closed
 Priority:  normal                               |   Milestone:  6.1
Component:  Database                             |     Version:
 Severity:  normal                               |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests early       |     Focuses:
  commit needs-dev-note needs-docs               |

Comment (by iandunn):

 Kudos for all the great work here!

 Since WPDB vulnerabilities are especially painful to fix, it may be good
 to ask for some extra attention on this during the beta period. e.g.,
 [https://docs.hackerone.com/programs/message-hackers.html emailing our
 HackerOne participants] with a link to this ticket, and a reminder that
 vulnerabilities-discovered-before-release/ bounties are doubled if they
 report a bug before it launches to users].

 cc @hellofromtonya, @ehtis, @peterwilsoncc

Ticket URL: <https://core.trac.wordpress.org/ticket/52506#comment:38>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list