Add some casts in Custom_Image_Header
|Reported by:||xknown||Owned by:||nacin|
The step_3 method of the Custom_Image_Header class does not sanitize the input data. One can pass for example any value in $_POST['attachment_id'] (even an URL), which can cause memory consumption problems in multisite environments.
Change History (8)
- Keywords has-patch added
- Milestone changed from Awaiting Review to 3.2