I’m hoping this saves someone some searching.
I upgraded a couple of blogs to WordPress 2.8 beta early this morning – and I had problems with a single plugin – Audit Trail by John Godley.
The symptom was that on login you got a blank screen and Apache/PHP threw this:
[Fri May 29 11:59:05 2009] [error] [client 10.0.0.1] PHP Fatal error: Call to undefined method AT_Auditor::_weak_escape() in /www/<foo>/wp-includes/wp-db.php on line 487, referer: http://<foo>/wp-login.php?redirect_to=/
The plugin itself is nicely written – and as part of the safety mechanism it uses wpdb::escape to explode out anything before injecting to the database.
One change in WP 2.8 looks like it affects this – login redirects are now urlencoded by default – http://core.trac.wordpress.org/ticket/9817 – and that looks like it’s clashing with the line above.
The temporary fix for me is to modify part of the plugin to not call into wp::db – and instead assume that the url has already been exploded out.
wp-content/plugins/audit-trail/models/audit.php
line 173
// $operation = wpdb::escape ($operation);
The risk for my implementation seems small – I’m only using audit-trail to track logins and logouts.
So if you are hunting down some generic <function>::_weak_escape errors in WordPress 2.8 beta – take a trawl through your plugins and see if there is a wpdb::escape call. There may be some relatively low impact fixes out there.
Recent Comments