Re: WordPress possible SQL injections [was: SELinux - way of the future or good idea but !!!]




On Tue, 2010-12-21 at 13:44 +0100, Leonard den Ottolander wrote:
> The patch shown in
> http://core.trac.wordpress.org/changeset/16625
> 
> prompted me to try a
> 
> $ grep -r "\=\ \%s\"" *
> 
> in the web root of a WordPress installation. The matches are a bunch of
> possible SQL injections. Haven't checked the actual code paths,

This turned out to be a wild goose chase: for all matches the substituted
strings are being quoted via wpdb->prepare().

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
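
A triage pass for the grep discussed in this message, as an added example that is not part of the original post: it finds each `= %s"` match and reports whether it sits inside a `$wpdb->prepare()` call, which is the check that was done by hand here. The PHP sample is constructed, and the names `call_spans` and `triage` are hypothetical.

```python
import re

# Same text the grep in the post looks for: the literal  = %s"
PLACEHOLDER = re.compile(r'= %s"')
# Calls a format string can be attributed to.
CALL = re.compile(r'(\$wpdb->prepare|sprintf)\s*\(')

def call_spans(src):
    """Yield (name, start, end) per call, found by balancing parentheses
    while skipping over quoted PHP strings (calls may span several lines)."""
    for m in CALL.finditer(src):
        depth, i, quote = 1, m.end(), None
        while i < len(src) and depth:
            c = src[i]
            if quote:
                if c == '\\':
                    i += 1              # skip the escaped character
                elif c == quote:
                    quote = None
            elif c in '\'"':
                quote = c
            elif c == '(':
                depth += 1
            elif c == ')':
                depth -= 1
            i += 1
        yield m.group(1), m.start(), i

def triage(src):
    """Return (line, verdict) per match: 'prepared' when the innermost
    enclosing call is $wpdb->prepare(), otherwise 'review'."""
    spans = list(call_spans(src))
    out = []
    for m in PLACEHOLDER.finditer(src):
        line = src.count('\n', 0, m.start()) + 1
        inside = [s for s in spans if s[1] <= m.start() < s[2]]
        inner = max(inside, key=lambda s: s[1])[0] if inside else None
        out.append((line, 'prepared' if inner == '$wpdb->prepare' else 'review'))
    return out

# Constructed PHP sample, not taken from WordPress.
SAMPLE = r'''<?php
$a = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_name = %s", $slug ) );
$b = $wpdb->get_results( $wpdb->prepare(
    "SELECT * FROM $wpdb->users WHERE user_login = %s",
    $login ) );
$c = $wpdb->query( sprintf( "DELETE FROM $wpdb->options WHERE option_name = %s", $name ) );
$fmt = "meta_key = %s";
'''

if __name__ == '__main__':
    for line, verdict in triage(SAMPLE):
        print(line, verdict)
```

A `review` verdict only means the match was not found directly inside a `prepare()` call; the code path still has to be read to see where the format string ends up.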

