[wp-trac] [WordPress Trac] #21548: Wrong mysql_set_charset() params order in wp-db.php
WordPress Trac
wp-trac at lists.automattic.com
Sat Aug 11 10:37:44 UTC 2012
#21548: Wrong mysql_set_charset() params order in wp-db.php
--------------------------+-----------------------------
 Reporter:  gubnota       |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Database      |    Version:  3.3.2
 Severity:  normal        |   Keywords:  has-patch
--------------------------+-----------------------------
Potential SQL injection vulnerability found in wp-includes/wp-db.php, where
the mysql_set_charset() call in class wpdb->set_charset() has the wrong param
order.
Whereas it should be:
{{{
mysql_set_charset( $dbh, $charset );
}}}
It is:
{{{
mysql_set_charset( $charset, $dbh );
}}}
In some cases it causes MySQL to use the default latin1 encoding.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21548>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software