Opened 3 years ago

Closed 3 years ago

#11778 closed defect (bug) (fixed)

ms-edit.php updates options without the slightest sanitization or unslashing

Reported by: Denis-de-Bernardy
Owned by:
Priority: normal
Milestone: 3.0
Component: Multisite
Version: 3.0
Severity: major
Keywords:
Cc:

Description

We're at least missing a call to strip_slashes_deep() over in:

			foreach ( (array) $_POST['option'] as $key => $val ) {
				if( $key === 0 )
					continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
				if( $c == $count ) {
					update_option( $key, $val );
				} else {
					update_option( $key, $val, false ); // no need to refresh blog details yet
				}
				$c++;
			}

Change History (1)

  • Resolution set to fixed
  • Status changed from new to closed

(In [13115]) strip slashes, block arrays in ms-edit.php, fixes #11778
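
Added example, not part of the ticket and not the contents of [13115]: a stand-alone PHP sketch that runs the loop quoted in the description next to one applying the two measures named in the commit message (strip slashes, block arrays) over repeated saves, so the stored values can be compared. All `demo_*` helpers and the sample form are hypothetical; `addslashes()` stands in for the slashing WordPress applies to `$_POST`, and re-posting the stored value models saving the edit form again.

```php
<?php
// Added illustration; not WordPress core code and not the contents of [13115].

// Hypothetical stand-in for update_option(): writes to an in-memory array.
function demo_update_option( array &$store, $key, $val ) {
	$store[ $key ] = $val;
}

// The loop as quoted in the ticket: stores whatever arrives.
function demo_save_unfixed( array &$store, $posted ) {
	foreach ( (array) $posted as $key => $val ) {
		if ( $key === 0 )
			continue;
		demo_update_option( $store, $key, $val );
	}
}

// The same loop with the two measures named in the commit message.
function demo_save_fixed( array &$store, $posted ) {
	foreach ( (array) $posted as $key => $val ) {
		if ( $key === 0 || is_array( $val ) )
			continue; // block arrays
		demo_update_option( $store, stripslashes( $key ), stripslashes( $val ) );
	}
}

// Constructed submission: addslashes() models the slashing applied to $_POST.
function demo_submit( array $form ) {
	return array_map( function ( $v ) {
		return is_array( $v ) ? array_map( 'addslashes', $v ) : addslashes( $v );
	}, $form );
}

// Save $times in a row; each pass re-posts the scalar values stored by the last.
function demo_round_trips( $save, array $form, $times ) {
	$store = array();
	for ( $i = 0; $i < $times; $i++ ) {
		$save( $store, demo_submit( $form ) );
		foreach ( $store as $k => $v )
			if ( ! is_array( $v ) ) $form[ $k ] = $v;
	}
	return $store;
}

// Constructed sample form fields.
$form = array( 'blogdescription' => "Denis' blog", 'active_plugins' => array( 'hello.php' ) );
var_dump( demo_round_trips( 'demo_save_unfixed', $form, 3 ) );
var_dump( demo_round_trips( 'demo_save_fixed', $form, 3 ) );
```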
