[wp-hackers] forum post: sql injection
Scott Merrill
skippy at skippy.net
Thu Aug 4 20:38:05 GMT 2005
Scott Merrill wrote:
> http://wordpress.org/support/topic/41064
>
> A quickie plugin registered against check_passwords might be a stop-gap fix.
>
Untested, but does this look sufficient?
<?php
/*
Plugin Name: Check Password
Plugin URI: http://www.skippy.net/blog/plugins/
Description: sanitize passwords against SQL injection
Author: Scott Merrill
Version: 1.0
Author URI: http://www.skippy.net/
*/
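// Hook name as given in the message above (check_passwords); priority 10, 3 arguments.
add_action('check_passwords', 'sdm_pw_check', 10, 3);

// Strip single and double quotes from both password fields (passed by reference).
function sdm_pw_check($user_login, &$pass1, &$pass2) {
    $pass1 = preg_replace('/[\'"]/', '', $pass1);
    $pass2 = preg_replace('/[\'"]/', '', $pass2);
}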
?>
--
skippy at skippy.net | http://skippy.net/
gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49 3544 476A 7DEC 9CFA 4B35
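
Added example, not part of the original message or of WordPress: it runs the plugin's quote-stripping filter over constructed passwords to show that it changes what the user typed, then stores the same values through bound parameters, which leave them intact. The `demo_users` table, the sample logins and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
// Added example; table and column names are assumptions, not WordPress's schema.

// The stop-gap filter from the post: drop single and double quotes.
function strip_quotes($pass) {
    return preg_replace('/[\'"]/', '', $pass);
}

// Constructed sample passwords.
$samples = array("correct horse", "pa'ss\"word", "password");

// 1. Stripping alters the input, so two different passwords become identical.
foreach ($samples as $p) {
    printf("%-14s -> %s\n", $p, strip_quotes($p));
}
$collide = strip_quotes($samples[1]) === strip_quotes($samples[2]);
echo "distinct passwords collide after stripping: ";
var_dump($collide);

// 2. Binding the value keeps it out of the SQL text and leaves it unmodified.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_users (login TEXT PRIMARY KEY, pass_hash TEXT)');

$ins = $db->prepare('INSERT INTO demo_users (login, pass_hash) VALUES (?, ?)');
$sel = $db->prepare('SELECT pass_hash FROM demo_users WHERE login = ?');

foreach ($samples as $i => $p) {
    $login = "o'brien$i";   // constructed login that itself contains a quote
    $ins->execute(array($login, password_hash($p, PASSWORD_DEFAULT)));

    $sel->execute(array($login));
    $hash = $sel->fetchColumn();

    // The original, unmodified password still verifies against the stored hash.
    echo "$login verifies: ";
    var_dump(password_verify($p, $hash));
}
```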