WordPress.org

Make WordPress Core

Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#6227 closed defect (bug) (fixed)

wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape

Reported by: BenDeRydt Owned by:
Milestone: 2.6 Priority: normal
Severity: normal Version: 2.3.3
Component: General Keywords:
Focuses: Cc:

Description

I'd tried using wp_insert_post as described in the function reference. This caused major problems with post_content like --it's a rainy day-- because:

  1. wp_insert_post does not escape its query parameters
  1. it does not check the return value of $wpdb->query

This meant that I got a perfectly innocent ID in return which I used in other tables but there never was a post with this ID in the actual wp_posts table. Worst of all, WordPress cached some info of this post in its postcache, meaning I got a half finished post on the frontpage of my blog but no way to link to it.

Change History (4)

#1 @BenDeRydt
13 years ago

  • Summary changed from wp_insert_post should check the return value of $wpdb->query or use $wpdb->query to wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape

Sorry, wrong title. I meant $wpdb->escape.

#2 @lloydbudd
13 years ago

  • Milestone changed from 2.3.4 to 2.6
  • Version set to 2.3.3

#3 @ryan
13 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7900]) wp_insert_post() -- Validate page template, check return of insert and update queries, add option to return WP_Error. fixes #6227 see #6098

#4 @ryan
13 years ago

(In [7920]) wp_insert_post() -- Validate page template, check return of insert and update queries, add option to return WP_Error. fixes #6227 see #6098. for 2.5

Note: See TracTickets for help on using tickets.