ms-edit.php / addblog action improperly sanitizes domains
Reported by: Denis-de-Bernardy | Owned by: ryan
It uses sanitize_user in non-strict mode with a twist:
$domain = sanitize_user( str_replace( '/', '', $blog[ 'domain' ] ) );
As I read sanitize_user, this can allow for subdomains with improper characters in them.
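An added illustration of the concern in the description above (not WordPress code and not part of the ticket): a loose filter modelled on non-strict sanitize_user passes characters that a per-label hostname check rejects. The function names, the approximation of the non-strict filter, and the sample inputs are assumptions.

```php
<?php
// Added illustration, not WordPress core code. Function names are hypothetical.

// Approximation (assumption) of sanitize_user() in non-strict mode, minus its
// tag stripping and accent folding: drop percent-encoded octets and HTML
// entities, trim, and collapse whitespace. Nothing restricts the remaining
// characters to a hostname-safe set.
function loose_sanitize(string $raw): string {
    $s = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $raw);
    $s = preg_replace('/&.+?;/', '', $s);
    return preg_replace('|\s+|', ' ', trim($s));
}

// Stricter check: validate each label against the letter-digit-hyphen rule
// (RFC 1123) and reject the input instead of silently rewriting it.
function is_valid_hostname(string $host): bool {
    $host = strtolower($host);
    if ($host === '' || strlen($host) > 253) {
        return false;
    }
    foreach (explode('.', $host) as $label) {
        // 1 to 63 characters, alphanumeric at both ends, hyphens only inside.
        if (!preg_match('/^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/D', $label)) {
            return false;
        }
    }
    return true;
}

// Constructed sample inputs for the 'domain' field.
$samples = ['blog1', 'my blog', 'a_b!c', 'x"y', '-lead', 'ok-name.example.com'];

foreach ($samples as $raw) {
    // Same slash removal as the line quoted in the ticket.
    $loose = loose_sanitize(str_replace('/', '', $raw));
    printf("%-22s loose=%-22s valid_hostname=%s\n",
        var_export($raw, true),
        var_export($loose, true),
        is_valid_hostname($loose) ? 'yes' : 'no');
}
```

Only 'blog1' and 'ok-name.example.com' pass the hostname check; the other samples come out of the loose filter unchanged and are rejected.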
Change History (10)
- Resolution fixed deleted
- Status changed from closed to reopened