
Simple Ads Manager
Category and tag names not properly escaped for mysql. (2 posts)

  1. entr
    Member
    Posted 2 years ago

    I'm talking about the buildAd function. Obviously, when building a query string containing " FIND_IN_SET(\"{$category->cat_name}\", $aTable.view_cats)", if the category name contains double quotes this fails.

    I had to throw in a quick fix: ad.class.php, line 158

    $cat_name_db = $wpdb->_real_escape( $category->cat_name );
    if ( empty( $wcc_0 ) ) $wcc_0 = " FIND_IN_SET(\"{$cat_name_db}\", $aTable.view_cats)";
    [...]

    and line 174

    $tag_name_db = $wpdb->_real_escape( $tag->name );
    if ( empty( $wct_0 ) ) $wct_0 = " FIND_IN_SET(\"{$tag_name_db}\", $aTable.view_tags)";

    There could be more; I didn't go through the whole thing.

    Nice plugin. Keep up the good work.

    http://wordpress.org/extend/plugins/simple-ads-manager/
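
The problem the post describes, and the fix a WordPress developer would normally reach for, as an added example (this is not code from Simple Ads Manager and not the poster's patch). It assumes the code runs inside WordPress, where the global $wpdb object exists, and reuses the $aTable variable and the view_cats column from the post; the function names and the constructed category name are illustrative. The first function keeps the original pattern: the category name is dropped straight into a double-quoted SQL string literal, so a name such as Books "n" Music closes the literal early and the rest of the name is parsed as SQL. The second function hands each value to $wpdb->prepare() with a %s placeholder, which quotes and escapes it; only the value is a placeholder, because the table and column names are code-controlled identifiers, not data.

```php
<?php
// Added example, not code from Simple Ads Manager. Assumes a WordPress
// runtime (global $wpdb of class wpdb). $aTable and view_cats come from the
// forum post; sam_cat_filter_* names and the sample category are constructed.

/**
 * Unsafe pattern from the post: the category name is interpolated directly
 * into a double-quoted MySQL string literal. A name containing a double quote
 * (constructed example: Books "n" Music) terminates the literal early and
 * the remainder of the name is parsed as SQL.
 */
function sam_cat_filter_unescaped( array $categories, $aTable ) {
    $parts = array();
    foreach ( $categories as $category ) {
        $parts[] = " FIND_IN_SET(\"{$category->cat_name}\", $aTable.view_cats)";
    }
    return implode( ' OR', $parts );
}

/**
 * Hardened form: each value goes through $wpdb->prepare() as a %s placeholder,
 * so prepare() does the quoting and escaping. The table and column names are
 * not user data, so they stay as literal SQL in the format string.
 */
function sam_cat_filter_prepared( array $categories, $aTable ) {
    global $wpdb;
    $parts = array();
    foreach ( $categories as $category ) {
        $parts[] = $wpdb->prepare(
            " FIND_IN_SET(%s, $aTable.view_cats)",
            $category->cat_name
        );
    }
    return implode( ' OR', $parts );
}

// Constructed input: two categories, one with a double quote in its name.
$cats           = array( new stdClass(), new stdClass() );
$cats[0]->cat_name = 'News';
$cats[1]->cat_name = 'Books "n" Music';

$aTable = 'wp_sam_ads'; // assumed table name, only used as an identifier here

// With the unsafe builder the second FIND_IN_SET argument becomes
// "Books "n" Music", which is not a valid string literal; with the prepared
// builder the value arrives as a single quoted, escaped literal.
$unsafe_where   = sam_cat_filter_unescaped( $cats, $aTable );
$prepared_where = sam_cat_filter_prepared( $cats, $aTable );
```

The same treatment applies to the tag branch at line 174 of the post: the tag name is a value, so it belongs in a %s placeholder. Note that $wpdb->_real_escape(), used in the quick fix above, is an underscore-prefixed internal method; the public equivalents are esc_sql() for escaping a value you will quote yourself and $wpdb->prepare() for quoting and escaping in one step. Matching by slug, as the author plans for 1.5, narrows the character set WordPress allows in the value, but the value should still be passed as a placeholder rather than interpolated.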

  2. minimus
    Member
    Plugin Author

    Posted 2 years ago

    Wait for version 1.5! Categories (tags, authors) will be detected by slug, not by name...

Topic Closed

This topic has been closed to new replies.
