Ticket #6227 (closed defect: fixed)

Opened 7 months ago

Last modified 5 months ago

wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape

Reported by: BenDeRydt
Assigned to: anonymous
Priority: normal
Milestone: 2.6
Component: General
Version: 2.3.3
Severity: normal
Keywords:
Cc:

Description

I'd tried using wp_insert_post as described in the function reference. This caused major problems with post_content like --it's a rainy day-- because:

a. wp_insert_post does not escape its query parameters

b. it does not check the return value of $wpdb->query

This meant that I got a perfectly innocent ID in return which I used in other tables but there never was a post with this ID in the actual wp_posts table. Worst of all, WordPress cached some info of this post in its postcache, meaning I got a half-finished post on the front page of my blog but no way to link to it.

Change History

03/14/08 21:39:46 changed by BenDeRydt

  • summary changed from wp_insert_post should check the return value of $wpdb->query or use $wpdb->query to wp_insert_post should check the return value of $wpdb->query or use $wpdb->escape.

Sorry, wrong title. I meant $wpdb->escape.

03/16/08 04:50:00 changed by lloydbudd

  • version set to 2.3.3.
  • milestone changed from 2.3.4 to 2.6.

05/05/08 23:19:28 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [7900]) wp_insert_post() -- Validate page template, check return of insert and update queries, add option to return WP_Error. fixes #6227 see #6098

05/12/08 23:43:41 changed by ryan

(In [7920]) wp_insert_post() -- Validate page template, check return of insert and update queries, add option to return WP_Error. fixes #6227 see #6098. for 2.5
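
An added illustration, not code from WordPress or from this ticket: the two defects in the description (unescaped content, unchecked query result) reproduced beside a version that binds the content and checks the insert. An in-memory SQLite database accessed through PDO stands in for $wpdb and MySQL, which is an assumption, and all function names are hypothetical.

```php
<?php
// Added example, not WordPress code. PDO/SQLite stands in for $wpdb/MySQL
// (assumption); ERRMODE_SILENT makes a failed statement return false
// instead of throwing, so a caller can ignore the failure.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$db->exec('CREATE TABLE posts (ID INTEGER PRIMARY KEY, post_content TEXT)');

// "Before" (hypothetical name): content concatenated into the SQL text,
// result of the INSERT never inspected.
function insert_post_unchecked(PDO $db, string $content): int
{
    $db->exec("INSERT INTO posts (post_content) VALUES ('$content')");
    return (int) $db->lastInsertId(); // ID of an earlier row if this INSERT failed
}

// "After" (hypothetical name): content bound as a parameter, each step checked.
function insert_post_checked(PDO $db, string $content): ?int
{
    $stmt = $db->prepare('INSERT INTO posts (post_content) VALUES (:content)');
    if ($stmt === false || $stmt->execute([':content' => $content]) === false) {
        return null; // no row was written, so no ID is handed out
    }
    return (int) $db->lastInsertId();
}

// Helper (hypothetical name): what, if anything, is stored under an ID.
function stored_content(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT post_content FROM posts WHERE ID = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetchColumn();
    return $row === false ? null : $row;
}

$content = "--it's a rainy day--"; // the post_content from the ticket

insert_post_unchecked($db, 'hello world'); // an earlier, valid post
$bad  = insert_post_unchecked($db, $content);
$rows = (int) $db->query('SELECT COUNT(*) FROM posts')->fetchColumn();
printf("unchecked: returned ID %d, rows in table %d, ID points at %s\n",
    $bad, $rows, var_export(stored_content($db, $bad), true));

$good = insert_post_checked($db, $content);
printf("checked:   returned %s, stored content %s\n",
    var_export($good, true), var_export(stored_content($db, (int) $good), true));
```

On the WordPress side, the option added by the fix is used by passing true as the second argument of wp_insert_post() and testing the result with is_wp_error() before writing the ID into any other table.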