[buddypress-trac] [BuddyPress] #1223: Filters in SQL without proper quote escaping
buddypress-trac at lists.automattic.com
Thu Oct 22 14:29:17 UTC 2009
#1223: Filters in SQL without proper quote escaping
-----------------------+----------------------------------------------------
Reporter: rvenable | Owner: apeatling
Type: defect | Status: reopened
Priority: blocker | Milestone: 1.1.2
Resolution: | Keywords: security, sql injection, needs-patch
-----------------------+----------------------------------------------------
Changes (by DJPaul):
* status: closed => reopened
* resolution: fixed =>
Comment:
Could I just get something clarified? Unless I am misreading,
like_escape() returns a value, it doesn't do it by reference, so the
returned values aren't actually being used? Thanks.
--
Ticket URL: <http://trac.buddypress.org/ticket/1223#comment:7>
BuddyPress <http://buddypress.org/>
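
The point raised in the comment above, as an added example that is not part of the ticket or of BuddyPress's code: a by-value escaping function has no effect unless its return value is assigned. `demo_like_escape()` and `has_unescaped_wildcard()` are hypothetical helpers (the first mirrors how WordPress's `like_escape()` backslash-escapes `%` and `_`), and the filter values are constructed.

```php
<?php
// Hypothetical stand-in with the same by-value contract as like_escape():
// returns an escaped copy, never modifies the caller's variable.
function demo_like_escape(string $text): string
{
    return str_replace(array('%', '_'), array('\\%', '\\_'), $text);
}

// True if a LIKE wildcard is not preceded by a backslash.
// Simplification: does not handle an escaped backslash before a wildcard.
function has_unescaped_wildcard(string $text): bool
{
    return preg_match('/(?<!\\\\)[%_]/', $text) === 1;
}

// Constructed sample filter values.
$filters = array('50%_off', 'plain');

foreach ($filters as $filter) {
    // Pattern the comment describes: the return value is thrown away.
    $discarded = $filter;
    demo_like_escape($discarded);

    // Corrected pattern: keep what the function returns.
    $assigned = demo_like_escape($filter);

    printf(
        "%-8s discarded=%s assigned=%s\n",
        $filter,
        has_unescaped_wildcard($discarded) ? 'UNESCAPED' : 'ok',
        has_unescaped_wildcard($assigned) ? 'UNESCAPED' : 'ok'
    );
}
```

`like_escape()` only neutralises LIKE wildcards; the value still has to be SQL-escaped (for example through `$wpdb->prepare()`) before it is placed in a query.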