• I was having an issue with some meta fields not being searched correctly. When the value has a quote mark in it (e.g. “5’10” or “5’7”), the query ends up adding like six extra slashes by the time WP_Query runs (“%5\\\\\’10%” and so on). I’ve solved this in my copy by changing this (starting at line 427):

    $query['meta_query'][] = array(
    	'key'     => $name,
    	'value'   => $metadata,
    	'compare' => 'LIKE'
    );

    to this:

    $query['meta_query'][] = array(
    	'key'     => $name,
    	'value'   => stripslashes($metadata),
    	'compare' => 'LIKE'
    );

    This works, giving me all the results I expect for those metafields, but I’m wondering if I’m introducing a security vulnerability here. I think the query is escaped later down the line, which is what’s causing all those slashes, but is there any reason this wouldn’t be safe?

    https://wordpress.org/plugins/wp-ultimate-search/

  • The topic ‘Meta fields are escaped too much (too many slashes)’ is closed to new replies.
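An added example (not part of the original post or the plugin's code) that reproduces the slash build-up in plain PHP: WordPress core slashes request data, `esc_like()` doubles any backslash when the LIKE pattern is built, and `$wpdb->prepare()` escapes the final string literal. It assumes `addslashes()` as a stand-in for the database driver's escaping, and `request_layer()`, `like_layer()`, `sql_literal_layer()` and `like_matches()` are hypothetical helper names used only here.

```php
<?php
// Added illustration in plain PHP; no WordPress install needed.
// Assumption: addslashes() stands in for the driver escaping in $wpdb->prepare().

// Layer 1: WordPress slashes all request data on load (wp_magic_quotes()).
function request_layer(string $raw): string {
    return addslashes($raw);
}

// Layer 2: for LIKE, WP_Meta_Query builds '%' . $wpdb->esc_like($value) . '%';
// esc_like() is addcslashes($text, '_%\\'), so existing backslashes are doubled.
function like_layer(string $value): string {
    return '%' . addcslashes($value, '_%\\') . '%';
}

// Layer 3: the pattern is escaped and quoted as an SQL string literal.
function sql_literal_layer(string $pattern): string {
    return "'" . addslashes($pattern) . "'";
}

// Hypothetical helper: parse the literal, then apply LIKE rules
// (% = any run, _ = one char, backslash escapes the next char).
function like_matches(string $literal, string $stored): bool {
    $pattern = stripslashes(substr($literal, 1, -1));
    $regex = '';
    for ($i = 0, $n = strlen($pattern); $i < $n; $i++) {
        $c = $pattern[$i];
        if ($c === '\\' && $i + 1 < $n) {
            $regex .= preg_quote($pattern[++$i], '/');
        } elseif ($c === '%') {
            $regex .= '.*';
        } elseif ($c === '_') {
            $regex .= '.';
        } else {
            $regex .= preg_quote($c, '/');
        }
    }
    return preg_match('/^' . $regex . '$/s', $stored) === 1;
}

// Constructed sample: the stored meta value is 5'10 and the search term is 5'10.
foreach (['as received' => false, 'after stripslashes()' => true] as $label => $unslash) {
    $value   = request_layer("5'10");
    $value   = $unslash ? stripslashes($value) : $value;
    $literal = sql_literal_layer(like_layer($value));
    printf("%-22s %-18s matches 5'10: %s\n", $label, $literal,
        like_matches($literal, "5'10") ? 'yes' : 'no');
}
```

In both runs the quote inside the literal is still backslash-escaped by the last layer; the only difference is the extra backslashes carried in from the request layer, which turn the pattern into a search for a literal backslash.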