#21548 closed defect (bug) (invalid)
Wrong mysql_set_charset() params order in wp-db.php
Reported by: | gubnota | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 3.3.2 |
Component: | Database | Keywords: | |
Focuses: | Cc: |
Description
Potential SQL injection vulnerability found in wp-includes/wp-db.php where mysql_set_charset() execution in class wpdb->set_charset() has wrong param order.
Whereas it should be:
mysql_set_charset( $dbh, $charset );
It is:
mysql_set_charset( $charset, $dbh );
In some cases it causes MySQL to use default latin1 encoding.
Change History (3)
#2
@
12 years ago
- Keywords has-patch removed
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
#3
@
12 years ago
Also, you might have seen this when creating the ticket:
Do not report potential security vulnerabilities here. Read the Security FAQ and email us at security@….
Note: See
TracTickets for help on using
tickets.
as per the PHP Docs, the order is correct: