Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#5135 closed defect (bug) (fixed)

Pages are not sanitized in wp-admin/page.php

Reported by: xknown Owned by: anonymous
Priority: normal Milestone: 2.3.1
Component: Administration Version: 2.3
Severity: normal Keywords:
Cc:

Description

As a consequence of #4546, page contents are not sanitized in wp-admin/page.php, this bug is present in WP 2.3 and trunk (rev 6181).

Steps to reproduce the problem:

  1. Create a new page with any title and some html. 
    </textarea><script>alert(/Not escaped/)</script>
  2. Press "Save and Continue Editing" button.

The attached patch adds sanitize_post to get_page function and also escapes post_title in parent_dropdown.

Attachments (1)

sanitize_page.diff (3.1 KB) - added by xknown 6 years ago.
sanitize pages

Download all attachments as: .zip

Change History (3)

xknown6 years ago

sanitize pages

comment:1   ryan6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6184]) Add page sanitization. Props xknown. fixes #5135 for 2.3

comment:2   ryan6 years ago

(In [6185]) Add page sanitization. Props xknown. fixes #5135 for trunk

Note: See TracTickets for help on using tickets.