Ticket #4692 (closed defect: fixed)

Opened 10 months ago

Last modified 9 months ago

Wordpress /edit-comments.php Database Error (Bug)

Reported by: BenjaminFlesch Assigned to: Nazgul
Priority: normal Milestone: 2.2.2
Component: Administration Version: 2.2.1
Severity: normal Keywords: has-patch
Cc:

Description

In /edit-comments.php, the parameter apage is not properly sanitized before it is used to calculate the rows from which WordPress tries to pull the comments.

So in case apage has a negative numerical value, WordPress throws a Database Error caused by a corrupted SQL Query, which can be seen in the picture. It tries to SELECT all data from the table between rows -40 and 25, and this - of course - does not work ;)
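The defect described above, and the shape of the fix the changesets later apply ("absolute numbers where we will never allow negatives"), as an added example that is not code from the ticket or from WordPress. It is written in Python rather than PHP so it runs stand-alone; the table layout, the page size of 20 comments, and the function names are assumptions for illustration, and the SQLite database is constructed in memory. The naive offset shows how a negative page number turns into a negative LIMIT offset (the reported database error), while the sanitized path clamps the value to a positive page before it reaches the query.

```python
import sqlite3

PER_PAGE = 20  # assumed page size; the ticket does not state WordPress's value


def naive_offset(raw_apage, per_page=PER_PAGE):
    """Unsanitized: trusts the query-string value as-is (the reported bug).

    A page of "-1" gives (-1 - 1) * 20 == -40, i.e. a negative LIMIT offset,
    which MySQL rejects as a syntax error.
    """
    return (int(raw_apage) - 1) * per_page


def sanitize_page(raw_apage):
    """Coerce a user-supplied page value to a positive integer.

    Mirrors the 'absolute numbers' fix: non-numeric input falls back to page 1,
    negatives are made positive with abs(), and 0 is bumped to 1.
    """
    try:
        page = int(str(raw_apage).strip())
    except (TypeError, ValueError):
        page = 1
    return max(1, abs(page))


def safe_offset(raw_apage, per_page=PER_PAGE):
    """Offset computed only from a sanitized page number; never negative."""
    return (sanitize_page(raw_apage) - 1) * per_page


def limit_clause(raw_apage, per_page=PER_PAGE):
    """The MySQL-style 'LIMIT offset, count' clause the sanitized path emits."""
    return "LIMIT %d, %d" % (safe_offset(raw_apage, per_page), per_page)


def build_db(num_comments=50):
    """Constructed in-memory comments table with ids 1..num_comments."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    conn.executemany(
        "INSERT INTO comments (id, body) VALUES (?, ?)",
        [(i, "comment %d" % i) for i in range(1, num_comments + 1)],
    )
    return conn


def fetch_comment_ids(conn, raw_apage, per_page=PER_PAGE):
    """Fetch one page of comment ids using a parameterized, clamped LIMIT/OFFSET."""
    cur = conn.execute(
        "SELECT id FROM comments ORDER BY id LIMIT ? OFFSET ?",
        (per_page, safe_offset(raw_apage, per_page)),
    )
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    conn = build_db()
    for raw in ("-1", "0", "abc", "3"):
        print(raw, "->", limit_clause(raw), fetch_comment_ids(conn, raw))
```

Note that SQLite happens to treat a negative OFFSET as zero, so only the `naive_offset` value (not an actual query failure) reproduces the MySQL symptom here; the point of the example is that the clamp happens before the number is ever interpolated into or bound to the query.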

Attachments

4692.diff (402 bytes) - added by Nazgul on 07/31/07 22:03:44.
for_22.patch (0.8 kB) - added by g30rg3x on 08/02/07 03:18:01.
For Branch 2.2

Change History

07/31/07 22:03:44 changed by Nazgul

  • attachment 4692.diff added.

07/31/07 22:04:19 changed by Nazgul

  • keywords set to has-patch.
  • owner changed from anonymous to Nazgul.
  • status changed from new to assigned.
  • milestone set to 2.3 (trunk).

08/01/07 19:41:44 changed by matt

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [5836]) Absolute numbers where we will never allow negatives, fixes #4692

08/02/07 03:18:01 changed by g30rg3x

  • attachment for_22.patch added.

For Branch 2.2

08/02/07 05:06:19 changed by g30rg3x

Please apply this for branch 2.2 :)

08/02/07 14:58:16 changed by markjaquith

(In [5839]) Absolute numbers where we will never allow negatives, fixes #4692 for 2.2.x, thanks g30rg3x

08/02/07 15:10:25 changed by markjaquith

(In [5840]) Sanitize cat_id, fixes #4692 for 2.2.x, thanks g30rg3x

08/02/07 15:10:43 changed by markjaquith

  • milestone changed from 2.3 (trunk) to 2.2.2.

08/02/07 15:18:40 changed by markjaquith

Doh... That last one was for #4691

08/03/07 19:06:59 changed by BenjaminFlesch

Thanks for all your patches, guys. When may I expect an updated version?

-benjamin