Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 15 years ago

Closed 15 years ago

#11774 closed defect (bug) (fixed)

in ms-edit.php, WPLANG site option gets updated without any validation

Reported by:	Denis-de-Bernardy	Owned by:	ryan
Milestone:	3.0	Priority:	normal
Severity:	normal	Version:	3.0
Component:	Security	Keywords:
Focuses:	multisite	Cc:

Description

there is a line in there that goes:

update_site_option( "WPLANG", $_POST['WPLANG'] );

in addition to the missing sanitization, we should at least make sure the lang file is around.

Change History (2)

#1 @nacin
15 years ago

Keywords multisite added

#2 @ryan
15 years ago

Resolution set to fixed
Status changed from new to closed

(In [12946]) Introduce get_available_languages(). Validate WPLANG. fixes #11774

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: