Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #10041, comment 14


Timestamp: 02/05/2013 05:31:39 AM (11 years ago)
Author: miqrogroove

  • Ticket #10041, comment 14

    initial v1  
    1 Yes of course.  The problem is that quotes are unavoidable when discussing slashes.  Earlier, I was trying to explain to Mark the difference between \% \\% \' and \\\' in LIKE values.  Unfortunately, those last 2 examples turned out to be identical, screwing up my point about the need to double-escape slashes and percent chars.
     1Yes of course.  The problem is that quotes are unavoidable when discussing slashes.  Earlier, I was trying to explain to Mark the difference between {{{\% \\% \'}}} and {{{\\\'}}} in LIKE values.  Unfortunately, those last 2 examples turned out to be identical, screwing up my point about the need to double-escape slashes and percent chars.
    22
    33In any case, the focus should be on how to implement stripslashes() and escape/prepare so that the like_escape() function doesn't create vulnerabilities.
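
The backslash problem raised in this comment, as an added example that is not WordPress code and not part of the original ticket: a LIKE escaper that handles `%` and `_` but not the escape character itself changes what the pattern means. It assumes SQLite (through Python's `sqlite3`) with `ESCAPE '\'` so it runs offline, uses parameter binding for the string-literal layer, and the helper names, table and rows are constructed for illustration.

```python
import sqlite3

def like_escape_weak(text):
    # Hypothetical helper: escapes only the wildcards and leaves
    # backslashes alone, so a user-supplied "\" can pair with the
    # "\" this function adds in front of "%".
    return text.replace("%", "\\%").replace("_", "\\_")

def like_escape_full(text):
    # Hypothetical helper: escape the escape character first,
    # then the wildcards, so every input character stays literal.
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")

def make_db():
    # Constructed sample rows.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT)")
    rows = ["100% cotton", "C:\\temp", "50\\% off", "plain"]
    conn.executemany("INSERT INTO posts VALUES (?)", [(r,) for r in rows])
    return conn

def search(conn, escaped_body):
    # Binding the value removes the quoting layer from the picture;
    # only the LIKE-pattern layer is left to get right.
    cur = conn.execute(
        "SELECT title FROM posts WHERE title LIKE ? ESCAPE '\\' ORDER BY title",
        ("%" + escaped_body + "%",),
    )
    return [row[0] for row in cur]

def demo(user_input):
    conn = make_db()
    return (search(conn, like_escape_weak(user_input)),
            search(conn, like_escape_full(user_input)))

if __name__ == "__main__":
    # The user wants titles containing the two characters \%
    weak, full = demo("\\%")
    print("weak:", weak)   # "\\" is read as a literal backslash, "%" as a wildcard
    print("full:", full)   # backslash and percent are both literal
```
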