[wp-testers] Single quotes in user_login gives MySQL errors
Ryan Boren
ryan at boren.nu
Thu Jan 5 03:54:22 GMT 2006
On Thu, 2006-01-05 at 10:53 +0900, Jamie Talbot wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> Having a single quote in a user_login, in my case "Jamie's Keitai",
> breaks the MySQL query in get_userdatabylogin() in the latest changeset.
> Adding slashes to sanitize_user() seems to work to fix that. Will this
> break anything else?
The login should be passed in already escaped. Adding slashes within
sanitize_user() will cause double escaping. The place that is calling
get_userdatabylogin() needs to do the escaping.
Ryan
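
The double escaping described in the reply above, as an added example that is not part of the original message and is not WordPress code. `build_lookup_sql()` and `mysql_literal_value()` are hypothetical stand-ins: the first plays the role of a lookup that expects an already-escaped login, the second decodes a quoted literal the way the server would (only the sequences `addslashes()` emits). `addslashes()` is used because the thread talks about adding slashes.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress APIs.

// Stand-in for a lookup that expects $escaped_login to be escaped by its caller.
function build_lookup_sql(string $escaped_login): string {
    return "SELECT * FROM users WHERE user_login = '$escaped_login'";
}

// Decode the body of a single-quoted MySQL string literal. Handles only the
// sequences addslashes() produces: \' \" \\ and \0.
function mysql_literal_value(string $body): string {
    $out = '';
    for ($i = 0, $n = strlen($body); $i < $n; $i++) {
        if ($body[$i] === '\\' && $i + 1 < $n) {
            $next = $body[++$i];
            $out .= ($next === '0') ? "\0" : $next;
        } elseif ($body[$i] === "'") {
            // A bare quote closes the literal early; the rest is a syntax error.
            throw new RuntimeException("unescaped quote ends the literal at offset $i");
        } else {
            $out .= $body[$i];
        }
    }
    return $out;
}

$login = "Jamie's Keitai"; // the login from the thread

$cases = [
    'not escaped'   => $login,                         // the reported breakage
    'escaped once'  => addslashes($login),             // caller escapes
    'escaped twice' => addslashes(addslashes($login)), // caller and sanitizer both escape
];

foreach ($cases as $label => $arg) {
    echo $label, ': ', build_lookup_sql($arg), "\n";
    try {
        $seen = mysql_literal_value($arg);
        $verdict = ($seen === $login) ? 'matches the stored login' : 'does NOT match the stored login';
        echo "    server compares against [$seen], which $verdict\n";
    } catch (RuntimeException $e) {
        echo '    SQL error: ', $e->getMessage(), "\n";
    }
}
```

Escaping twice leaves a literal backslash in the value the server compares, so the lookup silently misses the user instead of raising an error.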