Reply To: Escaped terms = MYSQL Query Errors + Security issues


#4879
Ernest Marcinko
Keymaster

Hi!

May I ask which WordPress version you are using? I’ve been testing the search against hundreds of cases of injection and XSS code, but I wasn’t able to get anything.

I’ve tried the phrase you said, but it doesn’t do the same for me. All terms are filtered with the $wpdb->esc_like() call, so the query is passed on to the WordPress database layer for further checks.

Some previous (4.0) versions of WordPress had some trouble escaping these kinds of statements, but as far as I know, there is no known security flaw in the current WP version.

All you did was enter that snippet and the code just broke? Or did you enter this via the web inspector? Single or double quotes?

If you want I can check this on your server, maybe there is something different than on my test environment and demo servers. It looks like a front end issue due to the invalid input, which messes up the DOM tree. I couldn’t achieve it on Chrome, maybe another browser. If you refresh the page, it’s gone, isn’t it?

The database error is a good sign, it means that it’s not executed, thus the escaping was successful. It would be a bigger problem if this reached the statistics database unescaped.

Let me know if I can check this on your server, or the exact steps (including WP version, operating system, browser type and version) on how I should re-create the problem. It does not look like a security flaw, as the query is not executed, but it’s definitely worth investigating further.

Thank you for the notice!

Best,
Ernest Marcinko

If you like my products, don't forget to rate them on codecanyon :)
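As an added illustration of the two layers the reply above describes, this Python/SQLite sketch reproduces the escaping that $wpdb->esc_like() performs and then binds the result as a query parameter; it is not the plugin's or WordPress's code, and the table contents are constructed. esc_like() only neutralises LIKE wildcards so the term matches literally; the quotes are handled by parameter binding, which is why a term containing a single quote produces neither an error nor an altered query.

```python
import sqlite3

# Constructed sample titles standing in for a posts table (not real site data).
SAMPLE_TITLES = [
    "O'Neil wins 100% of the vote",
    "O'Neil wins 100 of the vote",
    "Discount_code for members",
    "Discount code for members",
    "Backslash \\ in a title",
]


def esc_like(text: str) -> str:
    """Escape LIKE wildcards the way $wpdb->esc_like() does: backslash,
    percent and underscore each get a leading backslash.  This does NOT
    make a string safe to splice into SQL; it only stops user input from
    acting as a wildcard inside a LIKE pattern."""
    return text.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def build_db() -> sqlite3.Connection:
    """In-memory table with the constructed titles above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO posts (title) VALUES (?)",
                     [(t,) for t in SAMPLE_TITLES])
    return conn


def search_titles(conn: sqlite3.Connection, term: str,
                  escape_wildcards: bool = True) -> list[str]:
    """Search titles containing `term`.

    Layer 1 (esc_like): wildcards in the term are escaped so they match
    literally; pass escape_wildcards=False to see the wildcard leak.
    Layer 2 (prepared statement): the pattern is a bound parameter, so a
    quote inside the term is data, never SQL syntax, and cannot break or
    change the statement.  MySQL's LIKE uses backslash as the escape
    character by default; SQLite needs it spelled out with ESCAPE."""
    body = esc_like(term) if escape_wildcards else term
    pattern = "%" + body + "%"
    rows = conn.execute(
        "SELECT title FROM posts WHERE title LIKE ? ESCAPE '\\' ORDER BY id",
        (pattern,),
    ).fetchall()
    return [row[0] for row in rows]
```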