Make WordPress Core

Ticket #11119: press-this-xss-bug-11-10-2009.patch

File press-this-xss-bug-11-10-2009.patch, 736 bytes (added by noel, 4 years ago)

fixes potential xss issue

  • wp-admin/press-this.php

     
    9191} 
    9292 
    9393// Set Variables 
    94 $title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : ''; 
    95 $selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : ''; 
     94$title = isset($_GET['t']) ? esc_html( aposfix(stripslashes( $_GET['t'] )) ) : ''; 
     95$selection = isset($_GET['s']) ? esc_html( trim(aposfix(stripslashes( $_GET['s'] ))) ) : ''; 
    9696if ( ! empty($selection) ) { 
    9797        $selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection); 
    9898        $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
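
Review bot: On new line 95, `esc_html()` is applied to `$_GET['s']` at assignment, so `$selection` is only safe where it is later printed as HTML text. The hunk does not show where `$selection` and `$title` are output. If either one reaches an attribute value or an inline script, it should be escaped at that output point with the function for that context (`esc_attr()`, `esc_js()`) rather than relying on this one-time encoding. The order within the hunk is sound: the value is escaped before the `preg_replace()` and the `'<p>'` wrapping add markup, so the inserted paragraph tags are not themselves encoded. The change to line 94 is whitespace only, because `$title` was already passed through `esc_html()`. Dropping it would leave the patch showing just the security-relevant line.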