Context Navigation

← Previous Ticket
Next Ticket →

#6227 closed defect (bug) (fixed)

wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape

Reported by:	BenDeRydt	Owned by:
Milestone:	2.6	Priority:	normal
Severity:	normal	Version:	2.3.3
Component:	General	Keywords:
Focuses:		Cc:

Description

I'd tried using wp_insert_post as described in the function reference. This caused major problems with post_content like --it's a rainy day-- because:

wp_insert_post does not escape its query parameters

it does not check the return value of $wpdb->query

This meant that I got a perfectly innocent ID in return which I used in other tables but there never was a post with this ID in the actual wp_posts table. Worst of all, WordPress cached some info of this post in its postcache, meaning I got a half finished post on the frontpage of my blog but no way to link to it.

Change History (4)

#1 @BenDeRydt
18 years ago

Summary changed from wp_insert_post should check the return value of $wpdb->query or use $wpdb->query to wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape

Sorry, wrong title. I meant $wpdb->escape.

#2 @lloydbudd
18 years ago

Milestone changed from 2.3.4 to 2.6
Version set to 2.3.3

#3 @ryan
18 years ago

Resolution set to fixed
Status changed from new to closed

(In [7900]) wp_insert_post() -- Validate page template, check return of insert and update queries, add option to return WP_Error. fixes #6227 see #6098

#4 @ryan
18 years ago

(In [7920]) wp_insert_post() -- Validate page template, check return of insert and update queries, add option to return WP_Error. fixes #6227 see #6098. for 2.5

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

Make WordPress Core