WordPress.org

Forums

Redirection
[resolved] Plugin Is Unsafe Till PHP Warning: Missing argument 2 for wpdb::prepare() is fix (3 posts)

  1. Meckin
    Member
    Posted 1 year ago #

    Hello,

    I just wanted to document this for other users, that don't look at the write (http://make.wordpress.org/core/2012/12/12/php-warning-missing-argument-2-for-wpdb-prepare/)

    "So, this is a new warning in 3.5. No sites are broken, everything is fine as before. But, this is indeed something you need to look at, because you may be exposing your users to a possible SQL injection vulnerability. Now that’s no fun!"

    If you see this error at the top of your plug in, "Warning: Missing argument 2 for wpdb::prepare(), called in"

    According to this write up, the plug in is unsafe, and might make you open for SQL injections.

    Till it's fix I would turn it off, less you look at http://wordpress.org/support/topic/missing-argument-2-for-wpdbprepare-17?replies=13

    for a manual fix.

    I'm sorry, but I had to bring this to the attention of others.

    http://wordpress.org/plugins/redirection/

  2. John Godley
    Member
    Plugin Author

    Posted 1 year ago #

    The warning is there to highlight queries that may be unsafe but could be non-obvious because they use $wpdb->prepare(). It does not mean that the queries are unsafe - the warning is erring on the side of caution.

  3. Meckin
    Member
    Posted 1 year ago #

    This has been fixed. Thanks for the update. Thanks for your help!

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Redirection
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic

Tags

No tags yet.