[wp-testers] Single quotes in user_login gives MySQL errors
Jamie Talbot
wphackers at jamietalbot.com
Fri Jan 6 02:25:59 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matt Mullenweg wrote:
> Jamie Talbot wrote:
>
> I thought we were sanitizing usernames to be pretty tame and not allow
> junk like apostrophes and spaces?
Managed to track the bug down and it's actually in PHPExec 1.7:
The plugin was calling the_author with parameters that look like it was
expecting a userlogin. Actually, that function only returns the author
display name now and the id_mode parameter is unused. Did this change
recently?
Changing the call from:
$phpexec_userdata = get_userdatabylogin(the_author('login',false));
to
$phpexec_userdata = get_userdatabylogin(get_the_author_login());
fixed it.
I'll close that bug down and let the author know...
Cheers,
Jamie.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDvdU2rovxfShShFARAhc6AJ9B1WRJsM639mJJWxSV8h7r3d30iwCeMtqP
ph3px9NqM4gJsiGBdj5mGZA=
=iAUV
-----END PGP SIGNATURE-----
More information about the wp-testers
mailing list