#6227 closed defect (bug) (fixed)
wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape
Reported by: | BenDeRydt | Owned by: | |
---|---|---|---|
Milestone: | 2.6 | Priority: | normal |
Severity: | normal | Version: | 2.3.3 |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
I'd tried using wp_insert_post
as described in the function reference. This caused major problems with post_content
like --it's a rainy day
-- because:
wp_insert_post
does not escape its query parameters
- it does not check the return value of
$wpdb->query
This meant that I got a perfectly innocent ID in return which I used in other tables but there never was a post with this ID in the actual wp_posts
table. Worst of all, WordPress cached some info of this post in its postcache, meaning I got a half finished post on the frontpage of my blog but no way to link to it.
Change History (4)
Note: See
TracTickets for help on using
tickets.
Sorry, wrong title. I meant $wpdb->escape.