Opened 15 years ago
Closed 15 years ago
#11788 closed enhancement (fixed)
barely sanitized strings are put straight in the database in ms-site.php
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 3.0 | Priority: | normal |
| Severity: | major | Version: | 3.0 |
| Component: | Multisite | Keywords: | |
| Focuses: | | Cc: | |
Description
there arguably are magic quotes, but it's freaky scary to read things such as:
```php
$s = wp_specialchars( trim( $_GET[ 's' ] ) );
...
" AND ( {$wpdb->blogs}.domain LIKE '%{$s}%' OR {$wpdb->blogs}.path LIKE '%{$s}%' ) ";
```
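The pattern quoted above next to a bound-parameter form, as an added example that is not part of the ticket or of WordPress. It assumes an in-memory SQLite table via PDO, a hypothetical `html_escape_only()` helper standing in for `wp_specialchars()` with its default `ENT_NOQUOTES` quote style, and input that arrives without magic-quote slashes; all rows and search terms are constructed.

```php
<?php
// Added illustration, not WordPress code. Table, rows and search terms are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE blogs (blog_id INTEGER PRIMARY KEY, domain TEXT, path TEXT)");
$db->exec("INSERT INTO blogs (domain, path) VALUES
    ('example.test', '/o''reilly/'), ('example.test', '/100%_done/'), ('other.test', '/')");

// Stand-in for wp_specialchars() with ENT_NOQUOTES (assumption): it encodes
// & < > for HTML output and leaves ' and " untouched, so it is not SQL escaping.
function html_escape_only(string $s): string {
    return htmlspecialchars(trim($s), ENT_NOQUOTES);
}

// Pattern from the ticket: the HTML-escaped value is interpolated into the SQL text.
function search_interpolated(PDO $db, string $term): array {
    $s = html_escape_only($term);
    $sql = "SELECT path FROM blogs WHERE ( domain LIKE '%{$s}%' OR path LIKE '%{$s}%' )";
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        // An ordinary apostrophe ended the string literal and changed the statement.
        return ['SQL error: input altered the query structure'];
    }
}

// Hardened form: the value travels as a bound parameter, and LIKE wildcards
// in the term are escaped so % and _ match literally.
function search_bound(PDO $db, string $term): array {
    $like = '%' . addcslashes(trim($term), '\\%_') . '%';
    $stmt = $db->prepare(
        "SELECT path FROM blogs WHERE ( domain LIKE ? ESCAPE '\\' OR path LIKE ? ESCAPE '\\' )"
    );
    $stmt->execute([$like, $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Compare both forms on a term with an apostrophe and a term that is a LIKE wildcard.
foreach (["o'reilly", "%"] as $term) {
    printf("%-10s interpolated=%s bound=%s\n", $term,
        json_encode(search_interpolated($db, $term)),
        json_encode(search_bound($db, $term)));
}
```

Inside WordPress the bound-parameter form is built with `$wpdb->prepare()` rather than PDO.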
Change History (2)
Should be fixed before 3.0 ships, IMO