View Issue Details

ID: 0000334
Project: XMB1
Category: Bugs
View Status: public
Last Update: 2010-02-24 17:57
Reporter: miqrogroove
Assigned To: miqrogroove
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.9.10
Target Version: 1.9.11.08
Fixed in Version: 1.9.11.08
Summary: 0000334: like_escape() Doesn't Slash Values Correctly
Description: like_escape() misses some wildcard injections due to double-slash treatment of LIKE values inside of SQL string literals.

Discussion and patch posted at http://forums.xmbforum.com/viewthread.php?tid=775351
Tags: No tags attached.
SVN Revision: 2219

Activities

miqrogroove

2010-02-04 16:33

administrator   ~0000226

While discussing like_escape() with the WordPress guys, I discovered the like-special set of characters is not limited to \ % _ as described by the MySQL manual. This is going to need more testing and more patching.

miqrogroove

2010-02-04 19:40

administrator   ~0000227

Okay, it looks like the first patch will hold. For some reason, MySQL decided quote slashing would be optional in LIKE values, so ' and \' always (?) have the same meaning. This means LIKE '\'' and LIKE '\\\'' are identical (?) until proven otherwise.
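The two escaping layers this issue is about, as an added example that is not part of the original issue and is not XMB's code: a value used in LIKE is escaped once for the LIKE pattern and once more for the SQL string literal, so a backslash has to be handled at both layers. The parser and matcher below are simplified, case-sensitive models of MySQL's default behaviour, and `like_escape_broken` is a hypothetical flawed variant, not the function that was patched.

```python
import re

def like_escape(value):
    # Layer 1: neutralise LIKE metacharacters, including backslash itself,
    # because backslash is LIKE's default escape character.
    return re.sub(r"([\\%_])", r"\\\1", value)

def like_escape_broken(value):
    # Hypothetical flawed variant: escapes % and _ but forgets backslash.
    return re.sub(r"([%_])", r"\\\1", value)

def quote_literal(value):
    # Layer 2: escape for a single-quoted MySQL string literal.
    return "'" + re.sub(r"([\\'])", r"\\\1", value) + "'"

def parse_literal(literal):
    # Model of MySQL reading the literal: \% and \_ keep their backslash,
    # any other escaped character stands for itself (\n, \t etc. not modelled).
    keep = lambda m: m.group(0) if m.group(1) in "%_" else m.group(1)
    return re.sub(r"\\(.)", keep, literal[1:-1], flags=re.S)

def like_match(subject, pattern):
    # Model of LIKE: backslash makes the next character literal,
    # % matches any run of characters, _ matches exactly one.
    out, i = [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            i += 1
            out.append(re.escape(pattern[i]))
        elif c == "%":
            out.append(".*")
        elif c == "_":
            out.append(".")
        else:
            out.append(re.escape(c))
        i += 1
    return re.fullmatch("".join(out), subject, flags=re.S) is not None

def matches(escaper, user_input, row):
    # Would  row LIKE <user_input after both layers>  be true?
    return like_match(row, parse_literal(quote_literal(escaper(user_input))))

if __name__ == "__main__":
    probe = "\\%"  # constructed input: a backslash followed by a percent sign
    print("correct escaper, row '\\secret':", matches(like_escape, probe, "\\secret"))
    print("broken escaper,  row '\\secret':", matches(like_escape_broken, probe, "\\secret"))
```

With the flawed variant the user's backslash pairs up with the backslash added in front of `%`, so the pattern ends up as a literal backslash followed by a live `%` wildcard.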

Issue History

Date Modified Username Field Change
2010-01-23 18:37 miqrogroove New Issue
2010-01-23 18:37 miqrogroove Status new => assigned
2010-01-23 18:37 miqrogroove Assigned To => miqrogroove
2010-01-23 18:38 miqrogroove SVN Revision => 2219
2010-01-23 18:38 miqrogroove Status assigned => resolved
2010-01-23 18:38 miqrogroove Fixed in Version => 1.9.11.08
2010-01-23 18:38 miqrogroove Resolution open => fixed
2010-02-04 16:33 miqrogroove Note Added: 0000226
2010-02-04 16:33 miqrogroove Status resolved => feedback
2010-02-04 16:33 miqrogroove Resolution fixed => reopened
2010-02-04 19:40 miqrogroove Note Added: 0000227
2010-02-04 19:40 miqrogroove Status feedback => resolved
2010-02-04 19:40 miqrogroove Resolution reopened => fixed
2010-02-24 17:57 miqrogroove Status resolved => closed