WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#3504 closed defect (bug) (wontfix)

Post Meta Adding Slashes

Reported by: cpoteet
Owned by:
Milestone:
Priority: high
Severity: normal
Version: 2.0.5
Component: Administration
Keywords:
Focuses:
Cc:

Description

The custom fields function in version 2.05 adds a slash before apostrophes and quotations for the SQL insert.

$value = maybe_serialize($value);
$value = $wpdb->escape($value);
$value = stripslashes($value); // Added to remove slashes before insert

Change History (4)

comment:1 in reply to: ↑ description cpoteet 7 years ago

Replying to cpoteet:

The custom fields function in version 2.05 adds a slash before apostrophes and quotations for the SQL insert.

$value = maybe_serialize($value);
$value = $wpdb->escape($value);
$value = stripslashes($value); // Added to remove slashes before insert

Sorry, that was in /wp-includes/functions.php at line 460.

comment:2 Viper007Bond 7 years ago

  • Milestone changed from 2.2 to 2.0.6

Isn't the whole point of $wpdb->escape() to add slashes so it can safely be inserted into the database?

If there really is a slash problem, then it should be handled on the way out of the database.

And not sure about 2.0.6 vs. 2.0.7, but I've marked it as 2.0.6 just to be safe, especially since this is rather minor.

comment:3 markjaquith 7 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Right now, that's how the function is going to work. You pass unescaped data and it escapes it.

See also #3243
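
The contract described in comment:3, as an added example that is not part of the ticket or of WordPress. It assumes addslashes() behaves like $wpdb->escape(), uses a hypothetical stored_value() helper to model how MySQL reads a quoted literal, and assumes the visible slashes come from a caller passing already-slashed input.

```php
<?php
// Added example, not WordPress code.
// Assumption: addslashes() stands in for $wpdb->escape().
function escape_for_sql(string $value): string {
    return addslashes($value);
}

// Hypothetical model of MySQL reading the text between the outer quotes of
// '...': a backslash protects the next character; an unprotected ' ends the
// literal early, so the rest of the value would be parsed as SQL (null here).
// Only quote and backslash escapes are modelled.
function stored_value(string $literal): ?string {
    $out = '';
    for ($i = 0, $n = strlen($literal); $i < $n; $i++) {
        $c = $literal[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $out .= $literal[++$i];
        } elseif ($c === "'") {
            return null;
        } else {
            $out .= $c;
        }
    }
    return $out;
}

$raw     = 'It\'s a "test"';      // constructed sample: what the user typed
$slashed = addslashes($raw);      // constructed: same value, already slashed by the caller

$cases = [
    // The contract from comment:3: unescaped in, escaped exactly once.
    'raw, escaped once'                  => escape_for_sql($raw),
    // The change from the description: escaping is undone before the insert.
    'raw, escaped then stripslashes'     => stripslashes(escape_for_sql($raw)),
    // Assumed cause of visible slashes: the caller passes slashed data.
    'slashed, escaped again'             => escape_for_sql($slashed),
    // Caller removes its own slashes first, then lets the function escape.
    'slashed, stripslashes then escaped' => escape_for_sql(stripslashes($slashed)),
];

foreach ($cases as $label => $literal) {
    $stored = stored_value($literal);
    printf("%-36s literal: %-24s stored: %s\n", $label, $literal,
        $stored ?? '(quote ended the literal early)');
}
```

The second case shows why the escaping cannot be reversed before the insert; the third and fourth show that the slashes have to be removed by the caller, before the value is passed in.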

comment:4 foolswisdom 7 years ago

  • Milestone 2.0.6 deleted