Make WordPress Core

Ticket #11119: press-this-xss-bug-11-10-2009.patch

File press-this-xss-bug-11-10-2009.patch, 736 bytes (added by noel, 15 years ago)

fixes potential xss issue

  • wp-admin/press-this.php

     
    9191}
    9292
    9393// Set Variables
    94 $title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : '';
    95 $selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
     94$title = isset($_GET['t']) ? esc_html( aposfix(stripslashes( $_GET['t'] )) ) : '';
     95$selection = isset($_GET['s']) ? esc_html( trim(aposfix(stripslashes( $_GET['s'] ))) ) : '';
    9696if ( ! empty($selection) ) {
    9797        $selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
    9898        $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
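Review bot: On the new line 95, `$selection` is escaped with `esc_html()` once at assignment rather than at the point where it is printed, so the fix only holds for sinks in HTML body context. The uses of `$selection` further down press-this.php are not visible in this hunk; any that land in an attribute value or inside a script block need `esc_attr()` or `esc_js()` at that output site, and each one should be checked before this goes in. The order relative to lines 96-98 is right: the `</p><p>` markup is inserted after the escape, so it is not itself encoded. The change to line 94 is whitespace only and could be dropped so the patch contains just the security fix.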