On Thu, 2006-01-05 at 10:53 +0900, Jamie Talbot wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > Having a single quote in a user_login, in my case "Jamie's Keitai", > breaks the MySQL query in get_userdatabylogin() in the latest changeset. > Adding slashes to sanitize_user() seems to work to fix that. Will this > break anything else?
The login should be passed in already escaped. Adding slashes within sanitize_user() will cause double escaping. The place that is calling get_userdatabylogin() needs to do the escaping. Ryan _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
