WordPress.org

Make WordPress Core

Opened 22 months ago

Closed 19 months ago

#18445 closed defect (bug) (fixed)

Unifiltered text can be inserted via Link Image To field when side-loading media

Reported by: DrewAPicture Owned by: azaozz
Priority: normal Milestone: 3.3
Component: Formatting Version: 3.2.1
Severity: normal Keywords: has-patch dev-feedback
Cc:

Description

It looks like the replace methods were left out for f.url.value in wp-admin/includes/media.php. Thus, unfiltered text including complete javascript strings can be passed through the 'Link Image To' field when side-loading media via the 'From URL' tab. The unfiltered text is dropped untouched into the media's link tag and has potential to wreak havoc.

Reproduce:

In posting page-> Add media > Goto 'From URL' tab > Input a url to a valid remote image > Input special characters into the 'Link Image To' field > Insert into post.

Attachments (1)

18445.diff (737 bytes) - added by DrewAPicture 21 months ago.
Remade patch root-relative at 18759

Download all attachments as: .zip

Change History (7)

comment:1 DrewAPicture22 months ago

  • Keywords has-patch added; needs-patch removed

comment:2 SergeyBiryukov22 months ago

  • Milestone changed from Awaiting Review to 3.3

comment:3 DrewAPicture22 months ago

  • Component changed from Validation to Formatting

Tested on trunk and inserted media URLs are now filtered as expected.

Version 0, edited 22 months ago by DrewAPicture (next)

comment:4 DrewAPicture22 months ago

  • Keywords dev-feedback added

DrewAPicture21 months ago

Remade patch root-relative at 18759

comment:5 nacin19 months ago

  • Owner set to azaozz
  • Status changed from new to assigned

comment:6 azaozz19 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In [19275]:

Filter the link href when inserting external image in the editor, props DrewAPicture, fixes #18445

Note: See TracTickets for help on using tickets.