Opened 15 years ago
Closed 15 years ago
#1223 closed defect (bug) (fixed)
Filters in SQL without proper quote escaping
Reported by: | rvenable | Owned by: | apeatling |
---|---|---|---|
Milestone: | 1.1.2 | Priority: | blocker |
Severity: | | Version: | |
Component: | | Keywords: | security, sql injection, needs-patch |
Cc: | Jason_JM | | |
Description
There are multiple instances in the code for user-input filters where the filter string is not properly escaped. All use the like_escape() function (included in WP), but from what I can tell, that function does not prevent SQL injection.
bp-blogs-classes.php:
In BP_Blogs_Blog::search_blogs(): lines 205 and 208
bp-friends-classes.php:
In BP_Friends_Friendship::search_friends(): lines 168, 169, 171, 172
In BP_Friends_Friendship::search_users(): lines 233, 235
In BP_Friends_Friendship::search_users_count(): lines 255, 257
bp-groups-classes.php:
In BP_Groups_Group::filter_user_groups(): lines 262, 263
In BP_Groups_Group::search_groups(): lines 285, 286
In BP_Groups_Group::get_recently_joined(): line 702
In BP_Groups_Group::get_most_popular(): line 722
In BP_Groups_Group::get_recently_active(): line 742
In BP_Groups_Group::get_alphabetically(): line 762
In BP_Groups_Group::get_is_admin_of(): line 782
In BP_Groups_Group::get_is_mod_of(): line 802
Change History (8)
#3
@
15 years ago
- Summary changed from Filters are often used in SQL without proper quote escaping (possible injection vulnerability) to Filters in SQL without proper quote escaping
#5
@
15 years ago
- Cc Jason_JM added
- Owner set to apeatling
- Priority changed from critical to blocker
- Status changed from new to assigned
This absolutely must get fixed *ASAP*
I will take care of the rest of the criticals so Andy can work on this.
Also, the like_escape() function returns its value, but that returned value isn't actually being used.
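Added example, not part of the ticket or of BuddyPress code: a stand-alone PHP sketch of the two patterns reported above (return value discarded; wildcard escaping without quote escaping) next to a parameter-bound query. It assumes the pdo_sqlite extension; `demo_like_escape()`, `search_groups()` and the `demo_groups` table are hypothetical names, and the stand-in function is modelled on the wildcard-only behaviour the ticket describes.

```php
<?php
// Hypothetical stand-in modelled on like_escape(): it escapes only the LIKE
// wildcards % and _ and leaves quote characters untouched.
function demo_like_escape(string $text): string {
    return str_replace(['%', '_'], ['\\%', '\\_'], $text);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE demo_groups (name TEXT)");
$db->exec("INSERT INTO demo_groups VALUES
    ('O''Brien fans'), ('100% cotton'), ('1000 cottons')");

// Pattern 1: the return value is discarded, so the filter is never escaped.
$filter = '100%';
demo_like_escape($filter);
echo $filter === '100%' ? "filter unchanged after call\n" : "filter escaped\n";

// Pattern 2: wildcard escaping only, followed by string interpolation.
// A constructed, benign filter with an apostrophe ends the SQL literal early.
$filter = demo_like_escape("O'Brien");
$sql = "SELECT name FROM demo_groups WHERE name LIKE '%{$filter}%' ESCAPE '\\'";
try {
    $db->query($sql);
    echo "interpolated query ran\n";
} catch (PDOException $e) {
    echo "interpolated query failed: the quote changed the SQL structure\n";
}

// Hardened: escape wildcards so they match literally, and bind the value
// as a parameter so quotes in it are data rather than SQL syntax.
function search_groups(PDO $db, string $filter): array {
    $stmt = $db->prepare(
        "SELECT name FROM demo_groups WHERE name LIKE :pat ESCAPE '\\'"
    );
    $stmt->execute([':pat' => '%' . demo_like_escape($filter) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(search_groups($db, "O'Brien")); // apostrophe handled as data
print_r(search_groups($db, '100%'));    // % matched literally, not as a wildcard
```

In WordPress code the binding step is done with `$wpdb->prepare()` rather than PDO; the wildcard escaping and the quote escaping are separate jobs and both are needed.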