Opened 16 years ago
Closed 16 years ago
#11779 closed defect (bug) (fixed)
ms-edit.php creates garbage data for anything that is potentially affected by addslashes() and is on the whole completely unsanitized
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 3.0 | Priority: | normal |
| Severity: | critical | Version: | 3.0 |
| Component: | Security | Keywords: | |
| Focuses: | multisite | Cc: |
Description
in addition to not getting the handy strip_slashes_deep(), we have a completely unsanitized query:
// update blogs table
$result = $wpdb->query( "UPDATE {$wpdb->blogs} SET
domain = '".$_POST[ 'blog' ][ 'domain' ]."',
path = '".$_POST[ 'blog' ][ 'path' ]."',
registered = '".$_POST[ 'blog' ][ 'registered' ]."',
public = '".$_POST[ 'blog' ][ 'public' ]."',
archived = '".$_POST[ 'blog' ][ 'archived' ]."',
mature = '".$_POST[ 'blog' ][ 'mature' ]."',
deleted = '".$_POST[ 'blog' ][ 'deleted' ]."',
spam = '".$_POST[ 'blog' ][ 'spam' ]."'
WHERE blog_id = '$id'" );
Change History (7)
#1
@
16 years ago
- Summary changed from SQL injection is possible in ms-edit.php? to SQL injection would be possible in ms-edit.php if it weren't for magic quotes
#4
@
16 years ago
- Summary changed from SQL injection would be possible in ms-edit.php if it weren't for magic quotes to ms-edit.php creates garbage data for anything that can potentially contain a slash and is on the whole completely unsanitized
#5
@
16 years ago
- Summary changed from ms-edit.php creates garbage data for anything that can potentially contain a slash and is on the whole completely unsanitized to ms-edit.php creates garbage data for anything that is potentially affected by addslashes() and is on the whole completely unsanitized
Note: See
TracTickets for help on using
tickets.
Denis:
Ryan has blessed a new keyword 'multisite' for when we opt for a component other than Multisite on a ticket. I'm going to start adding it, can you possibly create a report that highlights all Multisite keyword/component tickets?