WordPress.org
Get WordPress

Make WordPress Core

Opened 18 years ago

Closed 18 years ago

Last modified 18 years ago

#4692 closed defect (bug) (fixed)

Wordpress /edit-comments.php Database Error (Bug)

Reported by: benjaminflesch's profile BenjaminFlesch Owned by: nazgul's profile Nazgul
Milestone: 2.2.2 Priority: normal
Severity: normal Version: 2.2.1
Component: Administration Keywords: has-patch
Focuses: Cc:

Description

In /edit-comments.php, the parameter apage is not properly sanitized before it is used to calculate the rows from which Wordpress tries to pull the comments from.

So in case apage has a negative numerical value, Wordpress throws a Database Error caused by an corrupted SQL Query which can be seen in the picture. It tries to SELECT all data from the table between rows -40 and 25, and this - of course - does not work ;)

Attachments (2)

4692.diff (402 bytes) - added by Nazgul 18 years ago.
for_22.patch (826 bytes) - added by g30rg3x 18 years ago.
For Branch 2.2

Download all attachments as: .zip

Change History (10)

@Nazgul
18 years ago

#1 @Nazgul
18 years ago

  • Keywords has-patch added
  • Milestone set to 2.3 (trunk)
  • Owner changed from anonymous to Nazgul
  • Status changed from new to assigned

#2 @matt
18 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [5836]) Absolute numbers where we will never allow negatives, fixes #4692

@g30rg3x
18 years ago

For Branch 2.2

#3 @g30rg3x
18 years ago

Please apply this for branch 2.2 :)

#4 @markjaquith
18 years ago

(In [5839]) Absolute numbers where we will never allow negatives, fixes #4692 for 2.2.x, thanks g30rg3x

#5 @markjaquith
18 years ago

(In [5840]) Sanitize cat_id, fixes #4692 for 2.2.x, thanks g30rg3x

#6 @markjaquith
18 years ago

  • Milestone changed from 2.3 (trunk) to 2.2.2

#7 @markjaquith
18 years ago

Doh... That last one was for #4691

#8 @BenjaminFlesch
18 years ago

thanks for all your patches, guys, when may i expect an updated version?

-benjamin

Note: See TracTickets for help on using tickets.