Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 13 years ago

Closed 13 years ago

#11788 closed enhancement (fixed)

barely sanitized strings are put straight in the database in ms-site.php

Reported by:	Denis-de-Bernardy	Owned by:
Milestone:	3.0	Priority:	normal
Severity:	major	Version:	3.0
Component:	Multisite	Keywords:
Focuses:		Cc:

Description

there arguably are magic quotes, but it's freaky scary to read things such as:

$s = wp_specialchars( trim( $_GET[ 's' ] ) );
...
" AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE '%{$s}%' ) ";

Change History (2)

#1 @ninjaWR
13 years ago

Milestone changed from Future Release to 3.0
Severity changed from normal to major

Should be fixed before 3.0 ships, IMO

#2 @nacin
13 years ago

Resolution set to fixed
Status changed from new to closed

#11644. Both fixed at some point.

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: