[buddypress-trac] [BuddyPress] #1223: Filters are often used in SQL without proper quote escaping (possible injection vulnerability)
buddypress-trac at lists.automattic.com
Mon Oct 12 21:02:19 UTC 2009
#1223: Filters are often used in SQL without proper quote escaping (possible
injection vulnerability)
--------------------------+-------------------------------------------------
Reporter: rvenable | Owner:
Type: defect | Status: new
Priority: critical | Milestone: 1.1.2
Keywords: sql injection |
--------------------------+-------------------------------------------------
There are multiple instances in the code for user-input filters where the
filter string is not properly escaped. All use the like_escape() function
(included in WP), but from what I can tell, that function does not prevent
SQL injection.
bp-blogs-classes.php:
In BP_Blogs_Blog::search_blogs(): lines 205 and 208
bp-friends-classes.php:
In BP_Friends_Friendship::search_friends(): lines 168, 169, 171, 172
In BP_Friends_Friendship::search_users(): lines 233, 235
In BP_Friends_Friendship::search_users_count(): lines 255, 257
bp-groups-classes.php:
In BP_Groups_Group::filter_user_groups(): lines 262, 263
In BP_Groups_Group::search_groups(): lines 285, 286
In BP_Groups_Group::get_recently_joined(): line 702
In BP_Groups_Group::get_most_popular(): line 722
In BP_Groups_Group::get_recently_active(): line 742
In BP_Groups_Group::get_alphabetically(): line 762
In BP_Groups_Group::get_is_admin_of(): line 782
In BP_Groups_Group::get_is_mod_of(): line 802
--
Ticket URL: <http://trac.buddypress.org/ticket/1223>
BuddyPress <http://buddypress.org/>
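The pattern the ticket describes, beside a hardened form, as an added example that is not BuddyPress code. It assumes the WordPress global `$wpdb` and a hypothetical table `{$wpdb->base_prefix}bp_example`; the function names are illustrative.

```php
<?php
// Added example, not code from the BuddyPress files named in the ticket.
// Assumes the WordPress global $wpdb and a hypothetical table
// {$wpdb->base_prefix}bp_example with a `name` column.

// Vulnerable pattern: like_escape() only backslash-escapes the LIKE wildcards
// % and _ so they match literally. It does not touch quote characters, so a
// filter value containing a quote can still close the string literal and
// change the meaning of the query.
function bp_example_search_vulnerable( $filter ) {
    global $wpdb;
    $filter = like_escape( $filter );
    $sql    = "SELECT id FROM {$wpdb->base_prefix}bp_example WHERE name LIKE '%{$filter}%'";
    return $wpdb->get_results( $sql );
}

// Hardened pattern: keep like_escape() for LIKE semantics (wildcards in user
// input match literally), then pass the whole pattern as a %s argument to
// $wpdb->prepare(), which applies proper SQL string escaping and quoting.
// On WordPress 4.0 and later, $wpdb->esc_like() replaces like_escape().
function bp_example_search_safe( $filter ) {
    global $wpdb;
    $like = '%' . like_escape( $filter ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT id FROM {$wpdb->base_prefix}bp_example WHERE name LIKE %s",
        $like
    );
    return $wpdb->get_results( $sql );
}
```

A quick audit check for the pattern in the ticket is to grep for `like_escape(` and confirm each result is consumed by `$wpdb->prepare()` rather than interpolated directly into a query string.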