Make WordPress Core

Opened 3 years ago

Last modified 18 months ago

#22936 closed defect (bug)

XML-RPC WordPress api setOption double escapes args — at Version 1

Reported by: jachzen Owned by:
Milestone: 3.9 Priority: normal
Severity: major Version:
Component: XML-RPC Keywords:
Focuses: Cc:

Description (last modified by SergeyBiryukov)

Parts of the xml-rpc wordpress api are not usable, as they doublequote strings. e.g. Munich's becomes Munich\\'s.

wp.setOptions($args) escpapes all args and calls update_option() which is then calling mysql_real_escape_string(), leading to a double escaping. To solve this options should not be escaped in wp-setOptions() function.

Here the callStack showing the 2nd escaping:


Change History (1)

comment:1 @SergeyBiryukov3 years ago

  • Description modified (diff)
  • Severity changed from blocker to major
  • Summary changed from XML-RPC Wordpress api setOption double escapes args to XML-RPC WordPress api setOption double escapes args
Note: See TracTickets for help on using tickets.