On Tue, 2010-12-21 at 13:44 +0100, Leonard den Ottolander wrote:
> The patch shown in http://core.trac.wordpress.org/changeset/16625
> prompted me to try a
> $ grep -r "=\ %s\"" *
> in the web root of a WordPress installation. The matches are a bunch of possible SQL injections. Haven't checked the actual code paths,
This turned out to be a wild goose chase: for all matches the substituted strings are being quoted via wpdb->prepare().
Regards, Leonard.