[buddypress-trac] [BuddyPress] #1223: Filters in SQL without proper quote escaping

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Thu Oct 22 14:29:17 UTC 2009

#1223: Filters in SQL without proper quote escaping
  Reporter:  rvenable  |       Owner:  apeatling                           
      Type:  defect    |      Status:  reopened                            
  Priority:  blocker   |   Milestone:  1.1.2                               
Resolution:            |    Keywords:  security, sql injection, needs-patch
Changes (by DJPaul):

  * status:  closed => reopened
  * resolution:  fixed =>


 Could I just get something clarified?  Unless I am misreading,
 like_escape() returns a value, it doesn't do it by reference, so the
 returned values aren't actually being used?  Thanks.

Ticket URL: <http://trac.buddypress.org/ticket/1223#comment:7>
BuddyPress <http://buddypress.org/>

More information about the buddypress-trac mailing list