• First of all, really great plugin – thanks a lot for your hard work!
    On a site I have Better Search installed, I recently noticed some pretty suspicious-looking searches (in the “popular searches” widget, no less).

    Stuff like OR 2+773-773-1=0+0+0+1 -- -1 OR 2+24-24-1=0+0+0+1 -1\' OR 2+573-573-1=0+0+0+1 -- 1\'\" -1\' OR 2+92-92-1=0+0+0+1 or \'XWkDttFr\'=\' \\ -1\" OR 2+859-859-1=0+0+0+1 -- 1\0???? or if(now()=sysdate(),sleep(9),0)/*\'XOR(if(now()=sysdate(),sleep(9),0))OR\'\"XOR(if(now()=sysdate()

    Do I have to be worried about these and install some sort of WAF in front of the site, or are all search inputs properly sanitized by WP, with Better Search using the WP-sanitized results, and thus rendered completely harmless?

    (Sorry if this is a really dumb question).

    Thanks again!
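For context on what "properly sanitized" has to mean for strings like the ones logged above, here is an added example (not code from Better Search or WordPress core) contrasting string-interpolated SQL with the `$wpdb->prepare()` pattern a plugin should use; the log table name and its columns are hypothetical.

```php
<?php
// Added illustration, not Better Search's own code. Assumes a hypothetical
// table {$wpdb->prefix}plugin_search_log with columns `term` and `searched_at`.

// --- Unsafe pattern (for contrast): the raw term is spliced into the SQL text,
// so an input such as  ' OR 2+773-773-1=0+0+0+1 --  changes the query logic.
function unsafe_count_by_term( $raw_term ) {
    global $wpdb;
    return $wpdb->get_var(
        "SELECT COUNT(*) FROM {$wpdb->prefix}plugin_search_log WHERE term = '$raw_term'"
    );
}

// --- Safe pattern: normalise the text, then bind it as a parameter. ---
function safe_count_by_term( $raw_term ) {
    global $wpdb;

    // WordPress slash-escapes superglobals, so undo that first.
    // sanitize_text_field() strips tags and control characters; it is NOT
    // SQL escaping and does not by itself make the value safe to interpolate.
    $term = sanitize_text_field( wp_unslash( $raw_term ) );

    // %s is bound by prepare(); whatever $term contains is compared as data.
    $sql = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$wpdb->prefix}plugin_search_log WHERE term = %s",
        $term
    );
    return (int) $wpdb->get_var( $sql );
}

// --- Partial-match variant: '%' and '_' inside user input must be escaped with
// esc_like() before binding, or they act as LIKE wildcards. ---
function safe_popular_like( $raw_term, $limit = 10 ) {
    global $wpdb;
    $term = sanitize_text_field( wp_unslash( $raw_term ) );
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $sql  = $wpdb->prepare(
        "SELECT term, COUNT(*) AS hits
           FROM {$wpdb->prefix}plugin_search_log
          WHERE term LIKE %s
       GROUP BY term ORDER BY hits DESC LIMIT %d",
        $like,
        $limit
    );
    return $wpdb->get_results( $sql );
}

// One of the probe strings from the post, handled as a literal value only.
$probe = "-1' OR 2+573-573-1=0+0+0+1 -- ";
$hits  = safe_count_by_term( $probe );
```

With the prepared form the logged strings are inert rows in the search log; the question to settle for any given plugin is whether every query it builds from the search term takes this route.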

Viewing 1 replies (of 1 total)
  • The topic ‘Are searches sanitized?’ is closed to new replies.