Opened 5 months ago
Last modified 5 months ago
#22936 new defect (bug)
XML-RPC Wordpress api setOption double escapes args — at Initial Version
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Awaiting Review |
| Component: | XML-RPC | Version: | |
| Severity: | major | Keywords: | |
| Cc: |
Description
Parts of the xml-rpc wordpress api are not usable, as they doublequote strings. e.g. "Munich's" becomes "Munich
's".
wp.setOptions($args) escpapes all args and calls update_option() which is then calling mysql_real_escape_string(), leading to a double escaping. To solve this options should not be escaped in wp-setOptions() function.
Here the callStack showing the 2nd escaping:
wp-includes/wp-db.php.wpdb->_real_escape:884
wp-includes/wp-db.php.wpdb->escape_by_ref:950
wp-includes/wp-db.php.array_walk:0
wp-includes/wp-db.php.wpdb->prepare:1003
wp-includes/wp-db.php.wpdb->update:1365
wp-includes/option.php.update_option:258
Note: See
TracTickets for help on using
tickets.
