WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#5471 closed defect (bug) (fixed)

?feed=rss2&p=-1 results in db error, showing sql query (table prefixes)

Reported by: lloydbudd
Owned by:
Milestone: 2.5
Priority: normal
Severity: normal
Version: 2.5
Component: General
Keywords:
Focuses:
Cc:

Description

?feed=rss2&p=-1 results in db error, showing sql query (table prefixes)

ENV: WordPress trunk r6385

  • WP 2.0.9 bug doesn't repro

ACTUAL RESULT:

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 10' at line 1]
SELECT wp_comments.* FROM wp_comments WHERE comment_post_ID = AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 10

Change History (4)

comment:1 @DD32 7 years ago

See also: #5185 "If you append /feed to an invalid post url (the post itself returns a 404), you get a SQL error on top:"

comment:2 @docwhat 7 years ago

Originally reported here: http://blogsecurity.net/news/news-110707/

Note: wordpress.com seems immune to this problem, for some reason.

I'd consider this a class error. Why are any DB errors shown to anyone but Admin or if DEBUG is turned on?

Workaround (a plugin):
http://blogsecurity.net/wordpress/wpdberrors-plugin-removing-wordpress-db-errors/

Ciao!

comment:3 @lloydbudd 7 years ago

  • Component changed from Security to General

In the context of the work in #5473 this is no longer a security issue.

comment:4 @ryan 7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I think this is fixed by [6683]
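
Added example, not part of the ticket and not WordPress code: a Python and SQLite stand-in for the PHP and MySQL path, showing the empty-ID query from the description leaking the table name next to a version that validates the ID, binds it, and shows error detail only when a flag is set (the question raised in comment:2). The function names, the sample row and the `show_errors` flag are assumptions; the ticket does not say how the ID came to be empty, so the example simply passes an empty value.

```python
import logging
import sqlite3

log = logging.getLogger("feed")

# Query text from the ticket, with the post ID left as a slot.
QUERY = ("SELECT wp_comments.* FROM wp_comments WHERE comment_post_ID = {} "
         "AND comment_approved = '1' ORDER BY comment_date_gmt DESC LIMIT 10")

def make_db():
    """Constructed sample data; table and columns follow the ticket's query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_comments (comment_post_ID INTEGER, "
               "comment_approved TEXT, comment_date_gmt TEXT, comment_content TEXT)")
    db.execute("INSERT INTO wp_comments VALUES (7, '1', '2007-12-01 10:00:00', 'hi')")
    return db

def feed_leaky(db, post_id):
    """Failure mode in the ticket: ID interpolated unchecked, error and SQL echoed."""
    sql = QUERY.format(post_id)
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "database error: [{}]\n{}".format(exc, sql)  # sent to any visitor

def parse_post_id(raw):
    """Return a positive integer post ID, or None for anything else."""
    try:
        n = int(raw)
    except (TypeError, ValueError):
        return None
    return n if n > 0 else None

def feed_hardened(db, raw_id, show_errors=False):
    """Validate the ID, bind it as a parameter, keep error detail in the log."""
    post_id = parse_post_id(raw_id)
    if post_id is None:
        return []  # no such post: empty feed, no query is run
    try:
        return db.execute(QUERY.format("?"), (post_id,)).fetchall()
    except sqlite3.Error as exc:
        log.error("comments feed query failed: %s", exc)
        # show_errors stands for "admin or debug mode" from comment:2
        return "database error: [{}]".format(exc) if show_errors else "feed unavailable"
```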
