[wp-trac] [WordPress Trac] #2751: Metavalues not properly escaped before being inserted into the database

WordPress Trac wp-trac at lists.automattic.com
Sun May 28 21:34:43 GMT 2006


#2751: Metavalues not properly escaped before being inserted into the database
----------------------------+-----------------------------------------------
       Id:  2751            |      Status:  new                     
Component:  Administration  |    Modified:  Sun May 28 21:34:43 2006
 Severity:  normal          |   Milestone:                          
 Priority:  normal          |     Version:  2.0.2                   
    Owner:  anonymous       |    Reporter:  joaocosta               
----------------------------+-----------------------------------------------
 Certain plugins use meta fields for specific purposes.  When a post
 containing these meta fields is saved, their content is not being escaped
 and if the field contains special SQL characters, the result is a MySQL
 error.

   The place where this error occurs is in wp-includes/functions.php, line
 433.

   I patched mine by adding a call to $wpdb->escape before the metavalue is
 inserted in the database.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/2751>
WordPress Trac <http://wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list