WordPress.org

Make WordPress Core

Opened 5 years ago

Last modified 4 years ago

#22936 closed defect (bug)

XML-RPC Wordpress api setOption double escapes args — at Initial Version

Reported by: jachzen Owned by:
Milestone: 3.9 Priority: normal
Severity: major Version:
Component: XML-RPC Keywords:
Focuses: Cc:

Description

Parts of the xml-rpc wordpress api are not usable, as they doublequote strings. e.g. "Munich's" becomes "Munich
's".

wp.setOptions($args) escpapes all args and calls update_option() which is then calling mysql_real_escape_string(), leading to a double escaping. To solve this options should not be escaped in wp-setOptions() function.

Here the callStack showing the 2nd escaping: wp-includes/wp-db.php.wpdb->_real_escape:884 wp-includes/wp-db.php.wpdb->escape_by_ref:950 wp-includes/wp-db.php.array_walk:0 wp-includes/wp-db.php.wpdb->prepare:1003 wp-includes/wp-db.php.wpdb->update:1365 wp-includes/option.php.update_option:258

Change History (0)

Note: See TracTickets for help on using tickets.