[wp-hackers] WordPress Charset SQL Injection Vulnerability

Matt Mullenweg m at mullenweg.com
Sun Dec 16 03:03:51 GMT 2007


Austin Matzko wrote:
> I think he may be talking about suppressing DB errors in general.  For
> example, currently WP calls the wpdb show_errors method in several
> places.  It seems to me that the show_errors object variable should be
> set to false, and the show_errors method should be called only if
> WP_DEBUG is set to true.  Were that the case, the error mentioned in
> this thread would not show.

I agree.

We should also take the WordPress logo out of pages we show when the 
blog is down, it's bad associations. :)

-- 
Matt Mullenweg
  http://photomatt.net | http://wordpress.org
http://automattic.com | http://akismet.com
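
An added illustration of the proposal quoted above, not part of the original message and not WordPress code: database errors are always logged server-side but reach the page only when WP_DEBUG is true. DemoDb, handle_error() and the sample error and query are hypothetical stand-ins; only the show_errors flag, the show_errors method and WP_DEBUG come from the thread.

```php
<?php
// Added illustration; DemoDb is a hypothetical stand-in, not WordPress's wpdb class.
// It reuses the names from the thread: a show_errors flag and a show_errors() method.

class DemoDb
{
    /** Whether DB errors are displayed to the visitor; off unless enabled. */
    public $show_errors = false;

    /** Errors recorded during this request (in-memory copy of the log). */
    public $logged = array();

    public function show_errors() { $this->show_errors = true; }
    public function hide_errors() { $this->show_errors = false; }

    /**
     * Handle a failed query: always record the details server-side,
     * return page output only when display was explicitly enabled.
     */
    public function handle_error($error, $query)
    {
        $entry = "DB error [$error] in query: $query";
        $this->logged[] = $entry;
        error_log($entry);

        if (!$this->show_errors) {
            return ''; // nothing about the query or schema reaches the page
        }
        // Escape before display so the error text cannot inject markup.
        return '<div id="error"><p>' . htmlspecialchars($error, ENT_QUOTES)
             . '</p><code>' . htmlspecialchars($query, ENT_QUOTES) . '</code></div>';
    }
}

// Bootstrap: display is opt-in through the debug constant.
if (!defined('WP_DEBUG')) {
    define('WP_DEBUG', false);
}

$db = new DemoDb();
if (WP_DEBUG) {
    $db->show_errors();
}

// Constructed sample failure, not the actual error from the thread.
$html = $db->handle_error('constructed sample error text',
    "SELECT * FROM demo_posts WHERE title LIKE '%x%'");
echo $html === '' ? "visitor sees: (nothing)\n" : "visitor sees: $html\n";
```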

