Changes between Initial Version and Version 1 of Ticket #22936
- Timestamp:
- 12/15/12 04:13:28 (5 months ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #22936
- Property Severity changed from blocker to major
- Property Summary changed from XML-RPC Wordpress api setOption double escapes args to XML-RPC WordPress api setOption double escapes args
-
Ticket #22936 – Description
initial v1 1 Parts of the xml-rpc wordpress api are not usable, as they doublequote strings. e.g. "Munich's" becomes "Munich\\'s".1 Parts of the xml-rpc wordpress api are not usable, as they doublequote strings. e.g. `Munich's` becomes `Munich\\'s`. 2 2 3 3 wp.setOptions($args) escpapes all args and calls update_option() which is then calling mysql_real_escape_string(), leading to a double escaping. To solve this options should not be escaped in wp-setOptions() function. … … 5 5 6 6 Here the callStack showing the 2nd escaping: 7 {{{ 7 8 wp-includes/wp-db.php.wpdb->_real_escape:884 8 9 wp-includes/wp-db.php.wpdb->escape_by_ref:950 … … 11 12 wp-includes/wp-db.php.wpdb->update:1365 12 13 wp-includes/option.php.update_option:258 14 }}}
