On Tue, 2010-12-21 at 13:44 +0100, Leonard den Ottolander wrote:
> The patch shown in
> http://core.trac.wordpress.org/changeset/16625
>
> prompted me to try a
>
> $ grep -r "\=\ \%s\"" *
>
> in the web root of a WordPress installation. The matches are a bunch of
> possible SQL injections. Haven't checked the actual code paths,
This turned out to be a wild goose chase: for all matches the substituted
strings are being quoted via wpdb->prepare().
Regards,
Leonard.
--
mount -t life -o ro /dev/dna /genetic/research
This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
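The triage Leonard describes (grep for `= %s"`, then check whether each hit actually passes through `$wpdb->prepare()`) can be automated for a first pass. The script below is an added example, not code from the list post or from WordPress: it runs a grep-equivalent over a few constructed PHP lines written in WordPress style, marks a hit as "prepared" when the placeholder string is handed to `->prepare(` (either on the same line or after being stored in a variable), and flags the cases the raw grep cannot tell apart, namely a `%s` placeholder fed through plain `sprintf()` (which does no escaping) and a `'$var'` spliced straight into the SQL string. The sample lines, the variable-tracking heuristic and the verdict strings are assumptions made for this example.

```python
import re

# Constructed PHP lines in WordPress style; these are made up for the
# example and are not taken from the WordPress code base.
SAMPLE_PHP = """\
$login_id = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM $wpdb->users WHERE user_login = %s", $login ) );
$wpdb->query( "DELETE FROM $wpdb->options WHERE option_name = '$name'" );
$sql = "SELECT post_id FROM $wpdb->postmeta WHERE meta_key = %s";
$rows = $wpdb->get_results( $wpdb->prepare( $sql, $key ) );
$wpdb->query( sprintf( "SELECT * FROM $wpdb->terms WHERE slug = %s", $slug ) );
"""

GREP_HIT = re.compile(r'=\s*%s"')                  # what grep -r "\=\ \%s\"" finds
INTERPOLATED = re.compile(r"=\s*'\$\w+'")          # '$var' spliced straight into SQL
ASSIGN_STRING = re.compile(r'^\s*(\$\w+)\s*=\s*"')  # $var = "..." (format string stored)


def triage(php_source):
    """Return {line_no: verdict} for lines that deserve a look.

    A grep hit is 'prepared' when the %s string reaches ->prepare(), which
    escapes and quotes the argument; everything else is marked for review.
    """
    pending = {}   # variable holding a %s string -> line where it was assigned
    verdicts = {}
    for no, line in enumerate(php_source.splitlines(), 1):
        if GREP_HIT.search(line):
            assigned = ASSIGN_STRING.match(line)
            if "->prepare(" in line:
                verdicts[no] = "prepared"
            elif "sprintf(" in line:
                # looks like a placeholder, but sprintf substitutes verbatim
                verdicts[no] = "review: sprintf does not escape arguments"
            elif assigned:
                # usage is elsewhere; decide when the variable is used
                pending[assigned.group(1)] = no
                verdicts[no] = "review: placeholder string stored, usage unknown"
            else:
                verdicts[no] = "review: placeholder not passed through prepare()"
        elif INTERPOLATED.search(line):
            # the raw grep never sees this shape, yet it is the classic injection
            verdicts[no] = "review: variable interpolated directly into SQL"
        # a stored format string later handed to prepare() clears its verdict
        for var, decl in list(pending.items()):
            if "->prepare(" in line and re.search(re.escape(var) + r"\b", line):
                verdicts[decl] = "prepared (via %s at line %d)" % (var, no)
                del pending[var]
    return verdicts


if __name__ == "__main__":
    for no, verdict in sorted(triage(SAMPLE_PHP).items()):
        print("%d: %s" % (no, verdict))
```

On the constructed sample, lines 1 and 3 come out as prepared (line 3 only because line 4 hands `$sql` to `->prepare()`), while the `sprintf()` call and the `'$name'` interpolation are flagged. The heuristic is line-based and will miss multi-line statements and format strings built across functions, so its "review" output is a worklist for reading the real code paths, not a verdict on them.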