Opened 3 years ago

Closed 3 years ago

#11774 closed defect (bug) (fixed)

in ms-edit.php, WPLANG site option gets updated without any validation

Reported by: Denis-de-Bernardy Owned by: ryan
Priority: normal Milestone: 3.0
Component: Security Version: 3.0
Severity: normal Keywords: multisite
Cc:

Description

there is a line in there that goes:

update_site_option( "WPLANG", $_POST['WPLANG'] );

in addition to the missing sanitization, we should at least make sure the lang file is around.

Change History (2)

comment:1   nacin3 years ago

  • Keywords multisite added

comment:2   ryan3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [12946]) Introduce get_available_languages(). Validate WPLANG. fixes #11774

Note: See TracTickets for help on using tickets.