WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #22936


Ignore:
Timestamp:
12/15/2012 04:13:28 AM (8 years ago)
Author:
SergeyBiryukov
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #22936

    • Property Severity changed from blocker to major
    • Property Summary changed from XML-RPC Wordpress api setOption double escapes args to XML-RPC WordPress api setOption double escapes args
  • Ticket #22936 – Description

    initial v1  
    1 Parts of the xml-rpc wordpress api are not usable, as they doublequote strings. e.g. "Munich's" becomes "Munich\\'s".
     1Parts of the xml-rpc wordpress api are not usable, as they doublequote strings. e.g. `Munich's` becomes `Munich\\'s`.
    22
    33wp.setOptions($args) escpapes all args and calls update_option() which is then calling mysql_real_escape_string(), leading to a double escaping. To solve this options should not be escaped in wp-setOptions() function.
     
    55
    66Here the callStack showing the 2nd escaping:
     7{{{
    78wp-includes/wp-db.php.wpdb->_real_escape:884
    89wp-includes/wp-db.php.wpdb->escape_by_ref:950   
     
    1112wp-includes/wp-db.php.wpdb->update:1365
    1213wp-includes/option.php.update_option:258
     14}}}