Ticket #5188 (closed enhancement: wontfix)

Opened 4 years ago

Last modified 3 years ago

Additional DB sanitization functions

Reported by: markjaquith
Owned by: anonymous
Priority: normal
Milestone:
Component: General
Version:
Severity: normal
Keywords:
Cc:

Description

For places where we build complex SQL queries by hand or where we let PHP control things like column names, limits, and ORDER BY order, we need some functions to consistently sanitize this data.

Proposed:

sanitize_column($column_name);
sanitize_limit($limit_string);
sanitize_orderby_direction($desc_or_asc);

Any others?
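As an added illustration (not code from the ticket or from WordPress core), here is one allowlist-based way the three proposed helpers could be written; the $allowed parameter, the default fallback and the sample request values are assumptions of this example.

```php
<?php
// Added example for ticket #5188, not WordPress core code. Identifiers and
// keywords cannot be escaped the way values can, so each helper reduces its
// input to a known-good form instead of trying to escape it.

/**
 * Return $column only if it is in the caller-supplied allowlist of column
 * names for the table being queried; otherwise return $default.
 * The $allowed/$default parameters are an assumption of this example.
 */
function sanitize_column( $column, array $allowed, $default ) {
    return in_array( $column, $allowed, true ) ? $column : $default;
}

/**
 * Accept "N" or "M, N" (offset, count) and rebuild the clause from integers,
 * so nothing except digits and one comma can reach the query.
 * Any other shape is rejected and an empty string is returned.
 */
function sanitize_limit( $limit_string ) {
    if ( ! preg_match( '/^\s*(\d+)\s*(?:,\s*(\d+)\s*)?$/', $limit_string, $m ) ) {
        return '';
    }
    if ( isset( $m[2] ) && '' !== $m[2] ) {
        return sprintf( '%d, %d', $m[1], $m[2] );
    }
    return sprintf( '%d', $m[1] );
}

/**
 * Collapse any input to exactly one of the two valid ORDER BY directions;
 * anything that is not DESC (case-insensitive) becomes ASC.
 */
function sanitize_orderby_direction( $desc_or_asc ) {
    return 'DESC' === strtoupper( trim( $desc_or_asc ) ) ? 'DESC' : 'ASC';
}

// Usage with constructed request values (not from a real request).
$allowed_columns = array( 'post_date', 'post_title', 'comment_count' );
$orderby = sanitize_column( 'user_pass', $allowed_columns, 'post_date' ); // not allowed: falls back
$order   = sanitize_orderby_direction( 'desc' );
$limit   = sanitize_limit( '10, 5 OR 1=1' ); // malformed: rejected as ''

$sql = "SELECT ID FROM wp_posts ORDER BY $orderby $order";
if ( '' !== $limit ) {
    $sql .= " LIMIT $limit";
}
echo $sql, "\n";
```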

Change History

  • Milestone changed from 2.5 to 2.7

No Patch. Moved to 2.7

  • Milestone changed from 2.7 to 2.9

No patch moving to 2.9.

  • Status changed from new to closed
  • Resolution set to wontfix
  • Milestone 2.9 deleted

I fail to see the point. If so, we'd also need a sanitize_where, sanitize_join, sanitize_group_by, and, why not..., sanitize_subquery. In short, an SQL parser.

It's the plugin author's responsibility to make sure that whatever he adds is valid SQL.
