Opened 6 years ago

Closed 4 years ago

#5188 closed enhancement (wontfix)

Additional DB sanitization functions

Reported by: markjaquith Owned by: anonymous
Priority: normal Milestone:
Component: General Version:
Severity: normal Keywords:
Cc:

Description

For places where we build complex SQL queries by hand or where we let PHP control things like column names, limits, and ORDER BY order, we need some functions to consistently sanitize this data.

Proposed:

sanitize_column($column name);
sanitize_limit($limit_string);
sanitize_orderby_direction($desc_or_asc);

Any others?

Change History (3)

comment:1   ffemtcj5 years ago

  • Milestone changed from 2.5 to 2.7

No Patch. Moved to 2.7

comment:2   santosj5 years ago

  • Milestone changed from 2.7 to 2.9

No patch moving to 2.9.

comment:3   Denis-de-Bernardy4 years ago

  • Milestone 2.9 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I fail to see the point. If so, we'd also need a sanitize_where, sanitize_join, sanitize_group_by, and, why not..., sanitize_subquery. In short, an SQL parser.

It's the plugin author's responsibility to make sure that whatever he adds is valid sql.

Note: See TracTickets for help on using tickets.