Opened 17 years ago
Closed 16 years ago
#5188 closed enhancement (wontfix)
Additional DB sanitization functions
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | |
| Focuses: | | Cc: | |
Description
For places where we build complex SQL queries by hand or where we let PHP control things like column names, limits, and ORDER BY order, we need some functions to consistently sanitize this data.
Proposed:
sanitize_column($column_name);
sanitize_limit($limit_string);
sanitize_orderby_direction($desc_or_asc);
Any others?
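An added example, not part of the ticket or of WordPress core: one way the three proposed helpers could be written in plain PHP, using an allowlist for column names because identifiers cannot be bound as query parameters. The function bodies, the extra `$allowed`, `$fallback` and `$max` parameters, and the sample table and column names are assumptions.

```php
<?php
// Hypothetical implementations of the helpers named in the ticket.
// These are not WordPress functions; all sample values below are constructed.

/** Return $column only if the caller's allowlist contains it, else $fallback. */
function sanitize_column(string $column, array $allowed, string $fallback): string {
    // Strict comparison against known names; nothing from the request is escaped or reused.
    return in_array($column, $allowed, true) ? $column : $fallback;
}

/** Accept "count" or "offset, count" and return a normalized LIMIT string. */
function sanitize_limit(string $limit, int $max = 100): string {
    // Digits only, at most 9 per number so the integer casts cannot overflow.
    if (!preg_match('/^\s*(\d{1,9})\s*(?:,\s*(\d{1,9})\s*)?$/D', $limit, $m)) {
        return (string) $max; // malformed input falls back to the cap
    }
    if (isset($m[2]) && $m[2] !== '') {
        // "offset, count" form: keep the offset, cap the row count.
        return ((int) $m[1]) . ', ' . min((int) $m[2], $max);
    }
    return (string) min((int) $m[1], $max);
}

/** Return exactly 'ASC' or 'DESC'; anything unrecognized becomes 'ASC'. */
function sanitize_orderby_direction(string $direction): string {
    return strtoupper(trim($direction)) === 'DESC' ? 'DESC' : 'ASC';
}

// Constructed request values: one is not a known column, one is not a number.
$requests = [
    ['orderby' => 'post_title',    'order' => 'desc',      'limit' => '20, 5000'],
    ['orderby' => 'post_date -- ', 'order' => 'DESC, 1',   'limit' => '10 OR 1'],
];

foreach ($requests as $r) {
    $col = sanitize_column($r['orderby'], ['post_date', 'post_title'], 'post_date');
    $dir = sanitize_orderby_direction($r['order']);
    $lim = sanitize_limit($r['limit']);
    // Only values produced by the helpers reach the query text.
    echo sprintf('SELECT ID FROM posts ORDER BY `%s` %s LIMIT %s', $col, $dir, $lim), PHP_EOL;
}
```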
Change History (3)
#3 @ 16 years ago
- Milestone 2.9 deleted
- Resolution set to wontfix
- Status changed from new to closed
I fail to see the point. If so, we'd also need a sanitize_where, sanitize_join, sanitize_group_by, and, why not..., sanitize_subquery. In short, an SQL parser.
It's the plugin author's responsibility to make sure that whatever he adds is valid SQL.
No Patch. Moved to 2.7