id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
21113,Previous/Next page links maintain all GET variables,kirrus,,"The newer/older entries pagination system takes any query string in an inbound request, and includes it in the links generated for the newer/older entries.

This causes problems when you put WordPress behind a cache, because all it takes is some bot trying a Joomla hack to mean all visitors suddenly have a version of that page, including the bad query string, very visible.

For example:
http://kirrus.co.uk/page/6/?test=true

Note, in the 'Newer/Older' links at the bottom of the page, that ""test=true"" will be retained.

These should only really keep query-strings that WordPress knows it'll need, if you're including them? Else, you can basically poison someone's cache with this.

An example of the really bad query string poisoning a cache:
/page/2/?option=com_gk3_tabs_manager&controller=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%0000",enhancement,new,normal,Awaiting Review,General,3.4,normal,,needs-patch 2nd-opinion close,crazycoders
