[wp-hackers] WordPress Charset SQL Injection Vulnerability
Austin Matzko
if.website at gmail.com
Sat Dec 15 23:03:34 GMT 2007

On Dec 15, 2007 5:26 PM, Lloyd Budd <lloydomattic at gmail.com> wrote:
> On Dec 15, 2007 1:09 PM, Robin Adrianse <robin.adr at gmail.com> wrote:
> > I've never understood why WordPress displays detailed SQL errors in an
> > environment that is almost definitely production. Maybe it would be more
> > prudent to be able to disable these? If something got changed around I
> > wouldn't want my visitors to be seeing paragraphs of SQL errors everywhere.
>
> Hi Robin,
>
> Can you provide some specific examples of these? (bug #s) Generally,
> that isn't the case, and my experience has been that they have been
> fixed when identified.

I think he may be talking about suppressing DB errors in general. For
example, currently WP calls the wpdb show_errors method in several
places. It seems to me that the show_errors object variable should be
set to false, and the show_errors method should be called only if
WP_DEBUG is set to true. Were that the case, the error mentioned in
this thread would not show.
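
The gating proposed in the message above, as an added example that is not part of the original post and is not WordPress code: `Db_Sketch` is a hypothetical stand-in for wpdb that keeps only the `show_errors` variable and method named in the message, and it assumes the pdo_sqlite extension with a constructed table and failing query.

```php
<?php
// Added sketch: Db_Sketch is a hypothetical stand-in for wpdb, not WordPress code.
// Assumes the pdo_sqlite extension; the table and the failing query are constructed.
class Db_Sketch {
    public $show_errors = false; // off by default, as the message proposes
    public $last_error  = '';
    private $pdo;

    public function __construct() {
        $this->pdo = new PDO('sqlite::memory:');
        $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $this->pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
    }

    public function show_errors() { $this->show_errors = true; }

    public function query($sql) {
        try {
            return $this->pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        } catch (PDOException $e) {
            $this->last_error = $e->getMessage();
            $this->print_error($sql);
            return false;
        }
    }

    private function print_error($sql) {
        // Always keep the detail server-side so it is not lost.
        error_log("DB error [{$this->last_error}] in query: {$sql}");
        // Echo it into the page only when display was explicitly enabled.
        if ($this->show_errors) {
            echo '<p><strong>Database error:</strong> '
               . htmlspecialchars($this->last_error, ENT_QUOTES) . '</p>';
        }
    }
}

if (!defined('WP_DEBUG')) {
    define('WP_DEBUG', false); // production default; true on a development install
}

$db = new Db_Sketch();
if (WP_DEBUG) {
    $db->show_errors(); // the single place where display is switched on
}

$rows = $db->query('SELECT no_such_column FROM posts');
echo $rows === false ? "Query failed\n" : "Query ok\n";
```

With `WP_DEBUG` false the visitor-facing output is only "Query failed", while the column name and query text go to the PHP error log.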