Opened 15 years ago
Closed 14 years ago
#10896 closed defect (bug) (fixed)
preg_replace with eval modifier used in _fix_attachment_links
Reported by: | westi | Owned by: | westi |
---|---|---|---|
Milestone: | 2.9 | Priority: | high |
Severity: | major | Version: | 2.8.4 |
Component: | Security | Keywords: | needs-patch |
Focuses: | Cc: |
Description
Reported by BenBE1987 on #8689
This code:
$post_search[$i] = $anchor; $post_replace[$i] = preg_replace( "#href=(\"|')[^'\"]*\\1#e", "stripslashes( 'href=\\1' ).get_attachment_link( $id ).stripslashes( '\\1' )", $anchor ); ++$i;
Change History (5)
#2
@
15 years ago
- Milestone changed from 2.9 to 2.8.5
- Priority changed from normal to high
- Severity changed from normal to major
#3
@
15 years ago
- Milestone changed from 2.8.5 to 2.9
Could you create a patch file for that.
Instructions can be found from here:
http://markjaquith.wordpress.com/2005/11/02/my-wordpress-toolbox/
http://blog.ftwr.co.uk/archives/2005/11/03/windows-wordpress-toolbox/
Note: See
TracTickets for help on using
tickets.
Patched locally for me as:
Not sure if this fully works.