[buddypress-trac] [BuddyPress] #4989: Improvements to groups classes to 'include' and 'exclude' args and parameters
buddypress-trac
noreply at wordpress.org
Tue May 7 19:02:56 UTC 2013
#4989: Improvements to groups classes to 'include' and 'exclude' args and
parameters
-----------------------------+-------------------------------------
 Reporter:  johnjamesjacoby  |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  highest          |  Milestone:  1.7.2
Component:  Groups           |    Version:  1.2
 Severity:  critical         |   Keywords:  has-patch needs-testing
-----------------------------+-------------------------------------
It's possible to pass malformed values into several of the include and
exclude parameters in bp-groups-classes.php, causing unexpected results
(including potential SQL injection.)
Affected methods:
* BP_Groups_Group::get()
* BP_Groups_Group::get_by_most_forum_topics()
* BP_Groups_Group::get_by_letter()
* BP_Groups_Group::get_random()
* BP_Groups_Member::get_invites()
* BP_Groups_Member::get_all_for_group()
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4989>
BuddyPress <http://buddypress.org/>
BuddyPress
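
The ticket above concerns include and exclude values reaching a SQL query without validation. The following is an added example, not BuddyPress code and not the patch attached to the ticket: one way to reduce such a value to positive integers before it is placed in an IN / NOT IN clause. The helper names, the column name and the sample input are hypothetical.

```php
<?php
// Added illustration; not taken from bp-groups-classes.php.
// sanitize_id_list() and build_id_clause() are hypothetical helpers.

/**
 * Reduce a comma/space separated string, or an array, to unique positive integers.
 * Items that are not made up entirely of decimal digits are dropped, not truncated.
 */
function sanitize_id_list( $list ) {
    if ( ! is_array( $list ) ) {
        $list = preg_split( '/[\s,]+/', (string) $list, -1, PREG_SPLIT_NO_EMPTY );
    }
    $ids = array();
    foreach ( $list as $item ) {
        $s = is_int( $item ) ? (string) $item : $item;
        // ctype_digit() rejects '', '-4', 'abc' and mixed fragments such as '12)'.
        if ( is_string( $s ) && ctype_digit( $s ) && (int) $s > 0 ) {
            $ids[ (int) $s ] = true; // array key de-duplicates
        }
    }
    return array_keys( $ids );
}

/**
 * Build an "AND <column> [NOT] IN (...)" fragment from an untrusted ID list.
 * $column must be a literal chosen by the calling code, never request input.
 */
function build_id_clause( $column, $list, $exclude = false ) {
    $ids = sanitize_id_list( $list );
    if ( empty( $ids ) ) {
        // Nothing valid survived. For an exclude list that means "no filter";
        // for an include list the caller should decide whether to return no rows.
        return '';
    }
    $op = $exclude ? 'NOT IN' : 'IN';
    return " AND {$column} {$op} (" . implode( ',', $ids ) . ')';
}

// Constructed sample input: duplicates, an empty item, a word, a negative
// number and fragments carrying non-digit characters.
$constructed = '3, 7,,abc, -4, 7, 12) trailing';

var_dump( sanitize_id_list( $constructed ) );
echo build_id_clause( 'g.id', $constructed, true ), PHP_EOL;
echo build_id_clause( 'g.id', array( 5, '8', 'x' ) ), PHP_EOL;
```

In a WordPress code base the same normalisation is available as `wp_parse_id_list()`; the stand-alone helper is used here only so the example runs without WordPress loaded.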