[wp-trac] [WordPress Trac] #56671: Not sanitized the relation operator argument in WP_Tax_Query{}
WordPress Trac
noreply at wordpress.org
Tue Sep 27 19:13:12 UTC 2022
#56671: Not sanitized the relation operator argument in WP_Tax_Query{}
---------------------------------------+-----------------------------
Reporter: rudlinkon | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Query | Version: trunk
Severity: major | Keywords: needs-patch
Focuses: privacy, coding-standards |
---------------------------------------+-----------------------------
The input `relation` argument is stored directly here, `wp-includes/class-wp-date-query.php:625`:
{{{#!php
$relation = $query['relation'];
}}}
and it is used here, `wp-includes/class-wp-date-query.php:667`:
{{{#!php
$sql['where'] = '( ' . "\n " . $indent
    . implode( ' ' . "\n " . $indent . $relation . ' ' . "\n " . $indent, $sql_chunks['where'] )
    . "\n" . $indent . ')';
}}}
so the input arguments should be sanitized, otherwise they may be abused.
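The concern above is that a caller-controlled `relation` string is concatenated into the WHERE clause by `implode()`. The usual defence for an operator slot like this is an allow-list rather than escaping: map the value onto exactly one of the two tokens the query understands and drop everything else. The following is an added illustration, not code from WordPress core or from the ticket; `sanitize_relation()` and `join_where_chunks()` are hypothetical names, and the chunks passed in are assumed to have already been built with `$wpdb->prepare()` or an equivalent upstream.

```php
<?php
// Added example (not WordPress core code): allow-list the `relation` operator
// before it is joined into a WHERE clause, mirroring the implode() layout
// quoted in the ticket.

/**
 * Normalize a caller-supplied relation operator.
 *
 * Only a case-insensitive "OR" is accepted; any other value, including
 * non-strings and arbitrary text, collapses to "AND". The result is always one
 * of two fixed tokens, so no caller-controlled bytes reach the SQL string.
 */
function sanitize_relation( $relation ): string {
    if ( is_string( $relation ) && 'OR' === strtoupper( trim( $relation ) ) ) {
        return 'OR';
    }
    return 'AND';
}

/**
 * Join already-prepared WHERE chunks with the sanitized relation operator.
 *
 * @param string[] $chunks   Assumed to be prepared/escaped SQL fragments.
 * @param mixed    $relation Raw relation value as received from the query args.
 * @param string   $indent   Indentation, kept only to match the quoted layout.
 */
function join_where_chunks( array $chunks, $relation, string $indent = '  ' ): string {
    $relation = sanitize_relation( $relation );

    return '( ' . "\n " . $indent
        . implode( ' ' . "\n " . $indent . $relation . ' ' . "\n " . $indent, $chunks )
        . "\n" . $indent . ')';
}

// Constructed sample input: two harmless, already-prepared date comparisons.
$chunks = array(
    "post_date >= '2022-01-01 00:00:00'",
    "post_date <  '2022-02-01 00:00:00'",
);

// Show how different raw values are normalized: only "or"/"OR" survives as OR,
// everything else (including a non-operator string and a non-string) becomes AND.
foreach ( array( 'or', 'AND', 'not an operator', array( 'OR' ) ) as $candidate ) {
    printf( "%-20s => %s\n", var_export( $candidate, true ), sanitize_relation( $candidate ) );
}

echo join_where_chunks( $chunks, 'or' ), "\n";
echo join_where_chunks( $chunks, 'not an operator' ), "\n";
```

Run with `php example.php`. The point of the allow-list, as opposed to escaping, is that an SQL operator cannot be quoted or escaped into safety the way a literal value can; the only sound option is to replace the input with one of the tokens the code knows how to handle.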
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56671>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform