[buddypress-trac] [BuddyPress] #1223: Filters are often used in SQL without proper quote escaping (possible injection vulnerability)

buddypress-trac at lists.automattic.com
Mon Oct 12 21:02:19 UTC 2009


#1223: Filters are often used in SQL without proper quote escaping (possible
injection vulnerability)
--------------------------+-------------------------------------------------
Reporter:  rvenable       |       Owner:       
    Type:  defect         |      Status:  new  
Priority:  critical       |   Milestone:  1.1.2
Keywords:  sql injection  |  
--------------------------+-------------------------------------------------
 There are multiple instances in the code for user-input filters where the
 filter string is not properly escaped. All use the like_escape() function
 (included in WP), but from what I can tell, that function does not prevent
 SQL injection.

 bp-blogs-classes.php:
 In BP_Blogs_Blog::search_blogs(): lines 205 and 208

 bp-friends-classes.php:
 In BP_Friends_Friendship::search_friends(): lines 168, 169, 171, 172
 In BP_Friends_Friendship::search_users(): lines 233, 235
 In BP_Friends_Friendship::search_users_count(): lines 255, 257

 bp-groups-classes.php:
 In BP_Groups_Group::filter_user_groups(): lines 262, 263
 In BP_Groups_Group::search_groups(): lines 285, 286
 In BP_Groups_Group::get_recently_joined(): line 702
 In BP_Groups_Group::get_most_popular(): line 722
 In BP_Groups_Group::get_recently_active(): line 742
 In BP_Groups_Group::get_alphabetically(): line 762
 In BP_Groups_Group::get_is_admin_of(): line 782
 In BP_Groups_Group::get_is_mod_of(): line 802

-- 
Ticket URL: <http://trac.buddypress.org/ticket/1223>
BuddyPress <http://buddypress.org/>
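The following is an added example, not BuddyPress or WordPress code, illustrating the point the ticket makes. It re-implements like_escape() locally as the WordPress function of that era was written (it only escapes the LIKE wildcards % and _, not quotes), builds a query the way the listed methods do, and contrasts it with a version that runs the LIKE-escaped value through a prepare()-style placeholder. The table name wp_bp_groups and the prepare_stub() helper are assumptions: the stub mimics the %s/%d interface of $wpdb->prepare() so the script runs without WordPress, it is not the real implementation.

```php
<?php
// Added example, not project code. Shows why like_escape() alone is not an
// SQL-injection defence and how the same query looks when the value is
// passed through a prepare()-style placeholder instead of concatenated.

// Local copy of the WordPress like_escape() of this period: it escapes only
// the LIKE wildcards, so quotes pass through untouched.
function like_escape_wp($text) {
    return str_replace(array('%', '_'), array('\\%', '\\_'), $text);
}

// The pattern reported in the ticket: a user-supplied filter is LIKE-escaped
// and then concatenated directly into the SQL string literal.
// (Table name wp_bp_groups is an assumption for illustration.)
function search_vulnerable($filter) {
    $filter = like_escape_wp($filter);
    return "SELECT id FROM wp_bp_groups WHERE name LIKE '%{$filter}%'";
}

// Minimal stand-in for $wpdb->prepare() (assumption: same %s/%d interface,
// not the real implementation). %s is escaped and quoted, %d cast to int.
function prepare_stub($query, array $args) {
    $i = 0;
    return preg_replace_callback('/%[sd]/', function ($m) use ($args, &$i) {
        $value = $args[$i++];
        if ($m[0] === '%d') {
            return (string) (int) $value;
        }
        // addslashes() escapes backslash, both quote kinds and NUL; this is
        // what keeps a quote inside the value from ending the literal.
        return "'" . addslashes($value) . "'";
    }, $query);
}

// Hardened form: LIKE-escape first so % and _ in the input match literally,
// add the wildcards the query actually wants, then let the placeholder do
// the SQL quoting. Escaping in this order is what makes both layers correct:
// the backslash from like_escape_wp() is itself escaped for the string
// literal, and MySQL decodes it back to the LIKE escape.
function search_hardened($filter) {
    $like = '%' . like_escape_wp($filter) . '%';
    return prepare_stub("SELECT id FROM wp_bp_groups WHERE name LIKE %s", array($like));
}

// Constructed input: a filter containing a single quote.
$payload = "x' OR '1'='1";

echo "like_escape() result : ", like_escape_wp($payload), "\n";
echo "vulnerable query     : ", search_vulnerable($payload), "\n";
echo "hardened query       : ", search_hardened($payload), "\n";
```

Running it shows that like_escape_wp() returns the payload unchanged, so in the first query the quote inside the filter terminates the LIKE literal and the rest of the input is parsed as SQL; in the second query the same quote is escaped inside the literal, while the % and _ handling from like_escape() is preserved. The check to apply to each method listed above is therefore whether the escaped filter is concatenated into the query string (the pattern here) or handed to $wpdb->prepare() as a %s argument.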