[OpenID] OpenID and WordPress

Jonathan Daugherty cygnus at janrain.com
Thu Jan 11 17:55:17 UTC 2007


# Has anyone checked that code for SQL injection vulnerabilities?
# 
# (For example, line 197 in openid_module looks scary, but maybe 
# I'm missing something.)

Presuming Drupal's db_query() replaces placeholders with escaped data,
there's no injection vulnerability there.

-- 
  Jonathan Daugherty
  JanRain, Inc.
  irc.freenode.net: cygnus in #openid
  cygnus.myopenid.com



More information about the general mailing list