Make WordPress Core

Opened 15 years ago

Closed 14 years ago

#5188 closed enhancement (wontfix)

Additional DB sanitization functions

Reported by: markjaquith Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: Cc:

Description

For places where we build complex SQL queries by hand or where we let PHP control things like column names, limits, and ORDER BY order, we need some functions to consistently sanitize this data.

Proposed:

sanitize_column($column_name);
sanitize_limit($limit_string);
sanitize_orderby_direction($desc_or_asc);

Any others?
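
Column names and ASC/DESC keywords cannot be passed as bound query parameters, so helpers like the three proposed above are typically built on allowlists and strict patterns rather than escaping. The sketch below is an added example, not WordPress core code or code from this ticket; the `example_`-prefixed function names, their signatures, the `$max` cap and the sample request values are assumptions.

```php
<?php
// Added illustration: hypothetical sketches of the helpers proposed in the
// ticket (names and signatures are assumptions), not WordPress core code.

/** Return $column only if it is on the caller's allowlist, else $default. */
function example_sanitize_column(string $column, array $allowed, string $default): string {
    // Strict comparison: no loose-equality matches between strings and numbers.
    return in_array($column, $allowed, true) ? $column : $default;
}

/** Accept "count" or "offset, count" (digits only); cap count at $max. */
function example_sanitize_limit(string $limit, int $max = 100): string {
    if (!preg_match('/^\s*(?:(\d{1,9})\s*,\s*)?(\d{1,9})\s*$/', $limit, $m)) {
        return (string) $max; // anything but plain digits falls back to the cap
    }
    $count = min((int) $m[2], $max);
    // $m[1] is '' when no offset was given.
    return $m[1] !== '' ? ((int) $m[1]) . ', ' . $count : (string) $count;
}

/** Map any input to exactly 'ASC' or 'DESC'. */
function example_sanitize_orderby_direction(string $direction): string {
    return strtoupper(trim($direction)) === 'DESC' ? 'DESC' : 'ASC';
}

// Constructed request values: one well-formed, one carrying extra SQL text.
$requests = [
    ['orderby' => 'post_date', 'order' => 'desc', 'limit' => '10, 20'],
    ['orderby' => 'post_title, (SELECT 1)', 'order' => 'DESC; --', 'limit' => '5 UNION SELECT 1'],
];
$allowed = ['ID', 'post_date', 'post_title']; // columns this query may sort by

foreach ($requests as $r) {
    // Only values produced by the helpers are interpolated into the query text.
    $sql = sprintf(
        'SELECT ID FROM wp_posts ORDER BY %s %s LIMIT %s',
        example_sanitize_column($r['orderby'], $allowed, 'post_date'),
        example_sanitize_orderby_direction($r['order']),
        example_sanitize_limit($r['limit'])
    );
    echo $sql, PHP_EOL;
}
```

The helpers never pass submitted text through: each returns either a value from a fixed set or digits it has re-serialized itself, so the second request resolves to the defaults.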

Change History (3)

#1 @ffemtcj
15 years ago

  • Milestone changed from 2.5 to 2.7

No Patch. Moved to 2.7

#2 @santosj
14 years ago

  • Milestone changed from 2.7 to 2.9

No patch, moving to 2.9.

#3 @Denis-de-Bernardy
14 years ago

  • Milestone 2.9 deleted
  • Resolution set to wontfix
  • Status changed from new to closed

I fail to see the point. If so, we'd also need a sanitize_where, sanitize_join, sanitize_group_by, and, why not..., sanitize_subquery. In short, an SQL parser.

It's the plugin author's responsibility to make sure that whatever he adds is valid SQL.
