Opened 4 years ago

Closed 2 years ago

#10415 closed defect (bug) (fixed)

URL not secured in wp-trackback.php

Reported by: McGurk Owned by:
Priority: normal Milestone: 3.0.2
Component: Pings/Trackbacks Version:
Severity: normal Keywords:
Cc: smartajonte@…

Description

I've found that the variable $tb_url is never escaped before it's inserted into the database. I think a $wpdb->escape is needed.

Change History (4)

comment:1   McGurk4 years ago

  • Cc smartajonte@… added

comment:2   azaozz4 years ago

  • Milestone Unassigned deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version 2.8.1 deleted

It's escaped properly, $wpdb->prepare() escapes it.

comment:3   nacin2 years ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:4   nacin2 years ago

  • Milestone set to 3.0.2
  • Resolution set to fixed
  • Status changed from reopened to closed

[16624] [16625]

Note: See TracTickets for help on using tickets.