Context Navigation

Ticket #43723: poc-43723.php

File poc-43723.php, 809 bytes (added by BjornW, 8 years ago)
PoC plugin demonstrates the inproperly escaped user_contactmethods data. After applying the patch the PoC will not work anymore and thus the issue is solved in user-edit.php

Line
1	<?php
2	/******************************************************************************
3	Plugin Name: PoC ticket 43723
4	Plugin URI: https://burobjorn.nl
5	Description: PoC shows not user_contactmethods data is not properly escaped
6	Version: 1.0
7	Author: Bjorn Wijers <burobjorn at burobjorn dot nl>
8	Author URI: https://burobjorn.nl
9	License: GPLv2 or later
10	******************************************************************************/
11
12	if( ! function_exists('poc_43723') ) {
13	function poc_43723( $methods ) {
14	if( is_array( $methods) ) {
15	$unsafe_data = array('test"><script>alert(\'If you can read this, data was not properly escaped\');</script>' => 'PoC-43723' );
16	return array_merge( $methods, $unsafe_data);
17	}
18	return $methods;
19	}
20	add_filter('user_contactmethods', 'poc_43723');
21	}
22	?>