WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#6640 closed defect (bug) (fixed)

Login should use DB prepare method on user input

Reported by: filosofo Owned by:
Milestone: 2.5.1 Priority: normal
Severity: normal Version:
Component: General Keywords: wp-login wpdb prepare mysql has-patch
Focuses: Cc:

Description

I noticed that wp-login.php runs DB queries from user-inputted data that is sanitized in an ad hoc manner. If for no other reason than consistency, it seems to me that all such queries should use the prepare method, as this patch does.

Attachments (1)

prepare_login_queries.diff (1.5 KB) - added by filosofo 6 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7632]) Use DB prepare on login queries. Props filosofo. fixes #6640 for 2.5

comment:2 ryan6 years ago

(In [7633]) Use DB prepare on login queries. Props filosofo. fixes #6640 for trunk

comment:3 ryan6 years ago

  • Milestone changed from 2.6 to 2.5.1
Note: See TracTickets for help on using tickets.