WordPress.org
Get WordPress

Make WordPress Core

Opened 17 years ago

Closed 17 years ago

Last modified 17 years ago

#3504 closed defect (bug) (wontfix)

Post Meta Adding Slashes

Reported by: cpoteet's profile cpoteet Owned by:
Milestone: Priority: high
Severity: normal Version: 2.0.5
Component: Administration Keywords:
Focuses: Cc:

Description

The custom fields function in version 2.05 adds a slash before apostrophes and quotations for the SQL insert.

$value = maybe_serialize($value);
$value = $wpdb->escape($value);
$value = stripslashes($value); // Added to remove slashes before insert

Change History (4)

#1 in reply to: ↑ description @cpoteet
17 years ago

Replying to cpoteet:

The custom fields function in version 2.05 adds a slash before apostrophes and quotations for the SQL insert.

$value = maybe_serialize($value);
$value = $wpdb->escape($value);
$value = stripslashes($value); // Added to remove slashes before insert

Sorry, that was in /wp-includes/functions.php at line 460.

#2 @Viper007Bond
17 years ago

  • Milestone changed from 2.2 to 2.0.6

Isn't the whole point of $wpdb->escape() to add slashes so it can safely be inserted into the database?

If there really is a slash problem, then it should be handled on the way out of the database.

And not sure about 2.0.6 vs. 2.0.7, but I've marked it as 2.0.6 just to be safe, especially since this is rather minor.

#3 @markjaquith
17 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

Right now, that's how the function is going to work. You pass unescaped data and it escapes it.

See also #3243

#4 @foolswisdom
17 years ago

  • Milestone 2.0.6 deleted
Note: See TracTickets for help on using tickets.