Opened 8 years ago

Closed 8 years ago

Last modified 3 years ago

#1394 closed defect (bug) (fixed)

add_slashes() does not escape all database input correctly

Reported by: auroraeosrose Owned by: anonymous
Priority: normal Milestone:
Component: Security Version: 1.5.1.1
Severity: major Keywords:
Cc:

Description

wp-db.php - the database class - the escape function uses add_slashes to try to escape data for sql use/insertion

This will fail under several methods

  1. Mysql in ansi mode
  2. NULL, \x00, \n, \r, \, " and \x1a characters not escaped
  3. Mysql 4.1 with a different character set or earlier versions when mysql is run in a different character set

mysql_escape_string() has been around since 4.0.3
since wordpress requires 4.1 it shouldn't be a problem

Attachments (1)

db.diff (667 bytes) - added by auroraeosrose 8 years ago.

Download all attachments as: .zip

Change History (8)

comment:2   auroraeosrose8 years ago

  • Patch set to No

auroraeosrose8 years ago

comment:3   matt8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [2684]) Better escaping from class, fixes #1394

comment:4   hakre3 years ago

  • Keywords health-check added

The changes have been removed which means a downgrade to addslahes for many installations again. See #11819.

comment:5   hakre3 years ago

Changes were removed in [2737].

comment:6   Denis-de-Bernardy3 years ago

  • Keywords health-check removed

a check was added that prompts for mysql_real_escape()

comment:7   hakre3 years ago

Related: #9189

Note: See TracTickets for help on using tickets.