[wp-hackers] forum post: sql injection

Scott Merrill skippy at skippy.net
Thu Aug 4 20:38:05 GMT 2005

Scott Merrill wrote:
> http://wordpress.org/support/topic/41064
> A quckie plugin registered against check_passwords might be a stop-gap fix.

Untested, but does this look sufficient?

Plugin Name: Check Password
Plugin URI: http://www.skippy.net/blog/plugins/
Description: sanitize passwords against SQL injection
Author: Scott Merrill
Version: 1.0
Author URI: http://www.skippy.net/

add_action('check_password', 'sdm_pw_check');

function sdm_pw_check($user_login, &$pass1, &$pass2) {
$pass1 = preg_replace('/['"]/', '', $pass1);
$pass2 = preg_replace('/['"]/', '', $pass2);


skippy at skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35

More information about the wp-hackers mailing list