#12060 closed defect (bug) (fixed)
Asymmetric Slashing in [12052]
Reported by: | miqrogroove | Owned by: | ryan |
---|---|---|---|
Milestone: | 2.9.2 | Priority: | normal |
Severity: | normal | Version: | 2.9 |
Component: | Query | Keywords: | |
Focuses: | Cc: |
Description
Westi changed the string literal
'return trim($a, "\\"\'\\n\\r ");'
to
return trim($t, "\"\'\n\r ");
These are not syntactically equivalent, and the new version could break future attempts at wildcard escaping.
For example, term\ is prevented, but %term is now unescaped.
Change History (8)
#2
@
15 years ago
The obvious candidates so far:
redirect_guess_404_permalink() in canonical.php
check_comment() in comment.php
do_enclose() in functions.php
get_posts() in query.php
wp_delete_attachment() in post.php
wp_post_mime_type_where() in post.php
get_terms() in taxonomy.php
#3
@
15 years ago
I had some success patching the query(LIKE query()) type stuff, but query(LIKE $_GET) is a huge problem. Because of the calls to add_magic_quotes() in wp-settings.php, there is not a clean input path. I would have to use an insane pattern query(LIKE escape(like_escape(query($_GET)))) to recode the slashes after wp-settings runs.
#4
@
15 years ago
- Cc westi added
Thanks for catching this mistake.
I have been through the conversion again and from what I can see the correct argument for trim in the new function is:
"\"'\n\r "
The mistake I made in the conversion was to keep the \
before the single quote.
Do you concur?
Per chat in IRC, MarkJaquith says to patch any instance of LIKE that is not using like_escape() from formatting.php.
I think that can be handled in this same ticket.