Ticket #11119 (closed task (blessed): fixed)

Opened 2 years ago

Last modified 2 years ago

Press This Security Fix

Reported by: noel
Owned by: noel
Priority: high
Milestone: 2.8.6
Component: Press This
Version:
Severity: normal
Keywords: press this, has-patch
Cc: ryan

Description

Potential XSS for logged in users.

Patch attached.

Attachments

press-this-xss-bug-11-10-2009.patch (736 bytes) - added by noel 2 years ago.
fixes potential xss issue
press-this.002.diff (1.8 KB) - added by markjaquith 2 years ago.

Change History

noel 2 years ago

fixes potential xss issue

  • Status changed from new to closed
  • Resolution set to fixed

(In [12168]) Prevent XSS in press-this.php. props Benjamin Flesch. fixes #11119

(In [12169]) Some extra XSS protection. Redundant, but we should always escape late! see #11119

(In [12170]) Prevent XSS in press-this.php. props Benjamin Flesch. fixes #11119 for 2.8.x

comment:4 ryan 2 years ago

  • Milestone changed from 2.9 to 2.8.6