WordPress.org

Ready to get started?Download WordPress

Forums

May 27 security update question (2 posts)

  1. rmang
    Member
    Posted 9 years ago #

    Does the May 27 security update for wp-includes/template-functions-category.php apply to a stock 1.5 install, or only a 1.5.1 install? I noticed the code is quite different between the 2 versions where the fix is applied, so just wanted to double check. Thanks.

  2. rmang
    Member
    Posted 9 years ago #

    1.5.1.1 has the code:
    ---
    function get_the_category_by_ID($cat_ID) {
    $cat_ID = (int) $cat_ID;
    $category = &get_category($cat_ID);
    return $category->cat_name;
    }
    ---

    1.5 has the code:
    ---
    function get_the_category_by_ID($cat_ID) {
    global $cache_categories, $wpdb;
    if ( !$cache_categories[$cat_ID] ) {
    $cat_name = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE cat_ID = '$cat_ID'");
    $cache_categories[$cat_ID]->cat_name = $cat_name;
    } else {
    $cat_name = $cache_categories[$cat_ID]->cat_name;
    }
    return($cat_name);
    }
    ---

    Is putting the line "$cat_ID = (int) $cat_ID;" at the top of the function for 1.5 viable, or is this security issue only affecting 1.5.1?

    Rob

Topic Closed

This topic has been closed to new replies.

About this Topic