Opened 3 years ago
Closed 3 years ago
#11779 closed defect (bug) (fixed)
ms-edit.php creates garbage data for anything that is potentially affected by addslashes() and is on the whole completely unsanitized
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 3.0 |
| Component: | Security | Version: | 3.0 |
| Severity: | critical | Keywords: | multisite |
| Cc: | | | |
Description
In addition to not getting the handy strip_slashes_deep(), we have a completely unsanitized query:
```php
// update blogs table
$result = $wpdb->query( "UPDATE {$wpdb->blogs} SET
	domain = '".$_POST[ 'blog' ][ 'domain' ]."',
	path = '".$_POST[ 'blog' ][ 'path' ]."',
	registered = '".$_POST[ 'blog' ][ 'registered' ]."',
	public = '".$_POST[ 'blog' ][ 'public' ]."',
	archived = '".$_POST[ 'blog' ][ 'archived' ]."',
	mature = '".$_POST[ 'blog' ][ 'mature' ]."',
	deleted = '".$_POST[ 'blog' ][ 'deleted' ]."',
	spam = '".$_POST[ 'blog' ][ 'spam' ]."'
	WHERE blog_id = '$id'" );
```
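The same update with the slashes removed and every value bound rather than concatenated, as an added example that is not the patch for this ticket or WordPress core code. It assumes a loaded WordPress multisite request where `$wpdb`, `stripslashes_deep()` and `absint()` are available; `update_blog_row_safely()` is a hypothetical name.

```php
<?php
// Added example, not WordPress core code and not the patch for this ticket.
// Assumes a loaded WordPress multisite request ($wpdb, stripslashes_deep(),
// absint() available). update_blog_row_safely() is a hypothetical name.
function update_blog_row_safely( $id, $posted ) {
	global $wpdb;

	// Request data arrives slashed; remove the slashes once, up front, so
	// they are not written to the table alongside the real value.
	$posted = stripslashes_deep( (array) $posted );

	// Only the columns the original query writes are accepted.
	$text_columns = array( 'domain', 'path', 'registered' );
	$flag_columns = array( 'public', 'archived', 'mature', 'deleted', 'spam' );

	$data = array();
	foreach ( array_merge( $text_columns, $flag_columns ) as $column ) {
		if ( ! isset( $posted[ $column ] ) || ! is_scalar( $posted[ $column ] ) ) {
			continue; // Missing or array-valued field: leave the column alone.
		}
		// Flags are reduced to a non-negative integer before being bound.
		$data[ $column ] = in_array( $column, $flag_columns, true )
			? (string) absint( $posted[ $column ] )
			: (string) $posted[ $column ];
	}

	if ( empty( $data ) ) {
		return false;
	}

	// Every value is bound as a quoted string, as in the original query;
	// $wpdb->update() does the escaping for the SET and WHERE values.
	return $wpdb->update(
		$wpdb->blogs,
		$data,
		array( 'blog_id' => absint( $id ) ),
		array_fill( 0, count( $data ), '%s' ),
		array( '%d' )
	);
}

// In place of the concatenated query:
// $result = update_blog_row_safely( $id, $_POST['blog'] );
```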
Change History (7)
- Summary changed from SQL injection is possible in ms-edit.php? to SQL injection would be possible in ms-edit.php if it weren't for magic quotes
- Summary changed from SQL injection would be possible in ms-edit.php if it weren't for magic quotes to ms-edit.php creates garbage data for anything that can potentially contain a slash and is on the whole completely unsanitized
- Summary changed from ms-edit.php creates garbage data for anything that can potentially contain a slash and is on the whole completely unsanitized to ms-edit.php creates garbage data for anything that is potentially affected by addslashes() and is on the whole completely unsanitized
Looks like this was removed along the way as expected with the cleanup? Denis, can you confirm?

Denis:
Ryan has blessed a new keyword 'multisite' for when we opt for a component other than Multisite on a ticket. I'm going to start adding it, can you possibly create a report that highlights all Multisite keyword/component tickets?