Ticket #5135 (closed defect (bug): fixed)

Opened 4 years ago

Last modified 4 years ago

Pages are not sanitized in wp-admin/page.php

Reported by: xknown
Owned by: anonymous
Priority: normal
Milestone: 2.3.1
Component: Administration
Version: 2.3
Severity: normal
Keywords:
Cc:

Description

As a consequence of #4546, page contents are not sanitized in wp-admin/page.php. This bug is present in WP 2.3 and trunk (rev 6181).

Steps to reproduce the problem:

  1. Create a new page with any title and some HTML.
    </textarea><script>alert(/Not escaped/)</script>
    
  2. Press the "Save and Continue Editing" button.

The attached patch adds sanitize_post to the get_page function and also escapes post_title in parent_dropdown.

Attachments

sanitize_page.diff (3.1 KB) - added by xknown 4 years ago.
sanitize pages
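
The failure mode from the reproduction steps, and the effect of escaping at output, as an added example (not code from this ticket or from the attached patch). The helpers render_edit_form_raw, render_edit_form_escaped and count_script_elements are hypothetical, PHP's htmlspecialchars stands in for whatever escaping sanitize_post applies, and the PHP DOM extension is assumed to be installed.

```php
<?php
// Added example, not WordPress code. All function names here are hypothetical.

// Constructed sample: the page body used in the reproduction steps.
$page_content = '</textarea><script>alert(/Not escaped/)</script>';

// Vulnerable pattern: stored content is written into the edit form as-is,
// so a "</textarea>" inside the content ends the field early.
function render_edit_form_raw(string $content): string {
    return '<textarea name="content">' . $content . '</textarea>';
}

// Hardened pattern: encode for the HTML text context at output time.
function render_edit_form_escaped(string $content): string {
    $safe = htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
    return '<textarea name="content">' . $safe . '</textarea>';
}

// Parse the markup the way a browser would and count the <script>
// elements that end up in the document tree.
function count_script_elements(string $html): int {
    libxml_use_internal_errors(true); // the raw form is malformed on purpose
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName('script')->length;
}

$raw     = render_edit_form_raw($page_content);
$escaped = render_edit_form_escaped($page_content);

printf("script elements, raw form:     %d\n", count_script_elements($raw));
printf("script elements, escaped form: %d\n", count_script_elements($escaped));

// Escaping is lossless for the editor: the browser decodes the entities
// inside the textarea, so the author still sees the original markup.
$start = strlen('<textarea name="content">');
$inner = substr($escaped, $start, -strlen('</textarea>'));
$shown = html_entity_decode($inner, ENT_QUOTES, 'UTF-8');
printf("round-trips unchanged: %s\n", $shown === $page_content ? 'yes' : 'no');
```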

Change History

xknown 4 years ago

sanitize pages

comment:1 ryan 4 years ago

  • Status changed from new to closed
  • Resolution set to fixed

(In [6184]) Add page sanitization. Props xknown. fixes #5135 for 2.3

comment:2 ryan 4 years ago

(In [6185]) Add page sanitization. Props xknown. fixes #5135 for trunk
