Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#11119 closed task (blessed) (fixed)

Press This Security Fix

Reported by: noel
Owned by: noel
Priority: high
Milestone: 2.8.6
Component: Press This
Version:
Severity: normal
Keywords: press this, has-patch
Cc: ryan

Description

Potential XSS for logged in users.

Patch attached.

Attachments (2)

press-this-xss-bug-11-10-2009.patch (736 bytes) - added by noel 4 years ago.
fixes potential xss issue
press-this.002.diff (1.8 KB) - added by markjaquith 4 years ago.

Change History (6)

noel 4 years ago

fixes potential xss issue

  • Resolution set to fixed
  • Status changed from new to closed

(In [12168]) Prevent XSS in press-this.php. props Benjamin Flesch. fixes #11119

(In [12169]) Some extra XSS protection. Redundant, but we should always escape late! see #11119

(In [12170]) Prevent XSS in press-this.php. props Benjamin Flesch. fixes #11119 for 2.8.x

comment:4 ryan 4 years ago

  • Milestone changed from 2.9 to 2.8.6