search

wp-cli / php-cli-tools

A collection of tools to help with PHP command line utilities
MIT License
672 stars 118 forks source link

% characters not properly escaped before being passed to sprintf #85

Closed leewillis77 closed 8 years ago

leewillis77 commented 8 years ago

Using WP CLI, the following steps show the problem:

  1. Update your user account so that your name contains a %, e.g. "Lee %s Willis"
  2. Run wp user list
  3. Note that the name of the user is displayed as "Lee Willis".

The %s has not been escaped and has been passed to sprintf as-is.

leewillis77 commented 8 years ago

Sorry - opened before full details added.