Context Navigation

← Previous Ticket
Next Ticket →

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#14594 closed defect (bug) (fixed)

Header injection in ms-files.php?

Reported by:	Denis-de-Bernardy	Owned by:
Priority:	normal	Milestone:	3.1
Component:	Security	Version:	3.0.1
Severity:	normal	Keywords:
Cc:

Description

http://core.trac.wordpress.org/browser/trunk/wp-includes/ms-files.php?rev=14609#L41

Isn't there any potential to send raw, unfiltered data in this line?

Change History (4)

comment:1 Denis-de-Bernardy — 3 years ago

Resolution set to fixed
Status changed from new to closed

comment:2 Denis-de-Bernardy — 3 years ago

There might still be some potential for injections, though. Unit tests would be good...

comment:3 hakre — 3 years ago

Related: #14450

comment:4 nacin — 3 years ago

Milestone changed from Awaiting Review to 3.1

Note: See TracTickets for help on using tickets.

Download in other formats: