[wp-trac] [WordPress Trac] #60505: Column names in wpdb->insert aren't sanitized.
WordPress Trac
noreply at wordpress.org
Mon Feb 12 21:40:45 UTC 2024
#60505: Column names in wpdb->insert aren't sanitized.
--------------------------+------------------------------
Reporter: kazet | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Database | Version: 6.4.3
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by peterwilsoncc):
[attachment:"60505.diff"] is a proof of concept to use the
[https://make.wordpress.org/core/2022/10/08/escaping-table-and-field-names-with-wpdbprepare-in-wordpress-6-1/ identifier placeholders introduced in WordPress 6.2].
`wpdb::update()` is also affected and would need similar code.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60505#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
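As an added illustration of the approach the comment describes (this is not the attached 60505.diff and not WordPress core code), the helper below builds an INSERT in which the table name and every column name are bound through the `%i` identifier placeholder that `wpdb::prepare()` supports since WordPress 6.2, rather than being concatenated into the SQL unescaped as the ticket reports for `wpdb::insert()`. It assumes a WordPress environment that provides the `wpdb` object; the function name `safe_insert` and the per-type format selection are the example's own choices.

```php
<?php
// Added example: bind identifiers with %i so that untrusted array keys
// in $data cannot alter the structure of the statement.
// Assumes a WordPress >= 6.2 runtime providing the global $wpdb.

function safe_insert( wpdb $wpdb, $table, array $data ) {
    if ( empty( $data ) ) {
        return false;
    }

    $columns = array_keys( $data );
    $values  = array_values( $data );

    // One %i per identifier (the table plus each column). prepare() wraps
    // each identifier in backticks and escapes embedded backticks, so a key
    // containing a backtick, comma or parenthesis stays a (rejected or odd)
    // column name instead of becoming SQL syntax.
    $col_placeholders = implode( ', ', array_fill( 0, count( $columns ), '%i' ) );

    // One value placeholder per value, chosen from the PHP type. Callers that
    // need explicit formats (as wpdb::insert() accepts) can pass them instead;
    // note that prepare() turns null into an empty string for %s.
    $val_placeholders = implode( ', ', array_map(
        function ( $v ) {
            if ( is_int( $v ) ) {
                return '%d';
            }
            if ( is_float( $v ) ) {
                return '%f';
            }
            return '%s';
        },
        $values
    ) );

    // prepare() accepts the arguments as a single array; identifiers and
    // values are interleaved in the same order as their placeholders.
    $sql = $wpdb->prepare(
        "INSERT INTO %i ( {$col_placeholders} ) VALUES ( {$val_placeholders} )",
        array_merge( array( $table ), $columns, $values )
    );

    return $wpdb->query( $sql );
}

// Usage (constructed sample data, not from the ticket):
// global $wpdb;
// safe_insert( $wpdb, $wpdb->prefix . 'example', array( 'title' => 'hello', 'views' => 3 ) );
```

Until core applies an equivalent change, the practical mitigation is to treat the array keys passed to `wpdb->insert()` and `wpdb->update()` as trusted constants: derive them from a fixed allow-list in plugin code rather than from request data.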