htmlspecialchars() in wp-db.php is a small vulnerability
| Reported by: | planetzuda | Owned by: | planetzuda |
I was working with wp-db.php when I noticed htmlspecialchars is being used where htmlentities should be used. I know this is very minor, but I've fixed sites that have been hacked due to the misuse of htmlspecialchars. I recommend changing htmlspecialchars to htmlentities when the site bails with an error. I've already fixed it on my install, so I'd be happy to upload the fixed file.
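An added comparison, not part of the ticket and not WordPress code: it runs both functions over the same constructed strings to show which characters each one encodes when an error message is written into HTML. `render_error()` is a hypothetical stand-in for the error output path, and the flags and the UTF-8 charset are assumptions.

```php
<?php
// Added example, not WordPress code. render_error() is a hypothetical
// stand-in for an error-output path; all sample strings are constructed.

function render_error(string $msg, callable $encode): string
{
    return '<div id="error"><p>' . $encode($msg) . '</p></div>';
}

// Assumption: the page is served as UTF-8 and quotes must be encoded too.
$flags = ENT_QUOTES | ENT_SUBSTITUTE;
$encoders = [
    'htmlspecialchars' => fn(string $s): string => htmlspecialchars($s, $flags, 'UTF-8'),
    'htmlentities'     => fn(string $s): string => htmlentities($s, $flags, 'UTF-8'),
];

$samples = [
    'markup'        => '<b title="x">table \'wp_posts\' & co</b>',
    'non-ASCII'     => 'Tabelle wp_beiträge fehlt, café',
    'invalid UTF-8' => "bad byte \xE9 in query",
];

foreach ($samples as $label => $input) {
    echo "== $label ==\n";
    $bodies = [];
    foreach ($encoders as $name => $encode) {
        $bodies[$name] = $encode($input);
        // A raw <, >, " or ' left in the encoded text would let input
        // break out of the text node or attribute it is written into.
        $raw = preg_match('/[<>"\']/', $bodies[$name]) ? 'yes' : 'no';
        printf("%-17s raw markup chars left: %-3s %s\n",
            $name, $raw, render_error($input, $encode));
    }
    $same = $bodies['htmlspecialchars'] === $bodies['htmlentities'];
    echo 'identical output: ', ($same ? 'yes' : 'no'), "\n\n";
}

// Failure mode shared by both functions: without ENT_SUBSTITUTE or
// ENT_IGNORE, input that is invalid in the declared charset is encoded
// to an empty string, so the error text silently disappears.
var_dump(htmlspecialchars("bad byte \xE9", ENT_QUOTES, 'UTF-8'));
var_dump(htmlentities("bad byte \xE9", ENT_QUOTES, 'UTF-8'));
```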