Timestamp:
03/17/2007 08:47:29 AM (18 years ago)
Author:
markjaquith
Message:

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for 2.1.

File:
1 edited

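--- a/branches/2.1/wp-admin/admin-functions.php
+++ b/branches/2.1/wp-admin/admin-functions.php
@@ -359,5 +359,5 @@
         $text       = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
         $text       = funky_javascript_fix( $text);
-        $popupurl   = attribute_escape($_REQUEST['popupurl']);
+        $popupurl   = clean_url($_REQUEST['popupurl']);
         $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
     }
@@ -418,5 +418,5 @@
     $user->user_login   = attribute_escape($user->user_login);
     $user->user_email   = attribute_escape($user->user_email);
-    $user->user_url     = attribute_escape($user->user_url);
+    $user->user_url     = clean_url($user->user_url);
     $user->first_name   = attribute_escape($user->first_name);
     $user->last_name    = attribute_escape($user->last_name);
@@ -563,9 +563,9 @@
     $link = get_link( $link_id );
 
-    $link->link_url         = attribute_escape($link->link_url);
+    $link->link_url         = clean_url($link->link_url);
     $link->link_name        = attribute_escape($link->link_name);
     $link->link_image       = attribute_escape($link->link_image);
     $link->link_description = attribute_escape($link->link_description);
-    $link->link_rss         = attribute_escape($link->link_rss);
+    $link->link_rss         = clean_url($link->link_rss);
     $link->link_rel         = attribute_escape($link->link_rel);
     $link->link_notes       =  wp_specialchars($link->link_notes);
@@ -577,5 +577,5 @@
 function get_default_link_to_edit() {
     if ( isset( $_GET['linkurl'] ) )
-        $link->link_url = attribute_escape( $_GET['linkurl']);
+        $link->link_url = clean_url( $_GET['linkurl']);
     else
         $link->link_url = '';
@@ -868,5 +868,5 @@
     $r .= "</td>\n\t\t<td>";
     if ( current_user_can( 'edit_user', $user_object->ID ) ) {
-        $edit_link = attribute_escape( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
+        $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), "user-edit.php?user_id=$user_object->ID" ));
         $r .= "<a href='$edit_link' class='edit'>".__( 'Edit' )."</a>";
     }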
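Review bot: `$link->link_image` at new line 567 still goes through attribute_escape() while link_url and link_rss on the neighbouring lines switch to clean_url(); if link_image is an image URL that ends up in a src attribute, as the commit message's src/href rule suggests, it needs the same treatment, `$link->link_image       = clean_url($link->link_image);`. Separately, the single-quoted href at new line 871 and the double-quoted one at line 362 now depend on clean_url() neutralising both quote characters as well as rejecting unsafe schemes, which this page does not show; worth a comment at the first clean_url() call stating that contract, `// clean_url() must reject unsafe schemes and strip/encode both quote characters: its result goes straight into href attributes`. Each enclosing function starts outside its hunk.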