Opened 15 years ago
Closed 15 years ago
#10193 closed defect (bug) (fixed)
backto parameter used in database needs better validation
| Reported by: | westi | Owned by: | westi |
|---|---|---|---|
| Milestone: | 2.8.1 | Priority: | normal |
| Severity: | normal | Version: | 2.8 |
| Component: | Upgrade/Install | Keywords: | |
| Focuses: | | Cc: | |
Description
When the database upgrade completes you are offered a continue button to allow you to go back where you came from.
The backto link is escaped and sanitised but it is not validated to be for the local blog, so it could be used for a phishing-style redirect.
Attachments (3)
Change History (10)
Fix for the issue. Creates new wp_validate_redirect function
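The check the description asks for, as an added PHP example (not WordPress's `wp_validate_redirect` and not code from this ticket): a `backto` value is accepted only when it is an absolute local path or names the blog's own host, and anything else falls back to a fixed local URL. The function name `example_validate_backto` and the hosts `blog.example` and `evil.example` are hypothetical.

```php
<?php
// Added illustration, not WordPress core code. Names and hosts are hypothetical.

// Return $location only if it is a local path or names $site_host; else $fallback.
function example_validate_backto(string $location, string $site_host, string $fallback): string
{
    $location = trim($location);

    // Reject empty input, control characters, and backslashes (some browsers read "\" as "/").
    if ($location === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $location)) {
        return $fallback;
    }

    // Protocol-relative URLs ("//host/path") carry a host, so parse them as http.
    $to_parse = (strpos($location, '//') === 0) ? 'http:' . $location : $location;
    $parts = parse_url($to_parse);
    if ($parts === false) {
        return $fallback;
    }

    // When a scheme is given, only http and https are acceptable.
    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }

    // No host: accept only an absolute local path such as "/wp-admin/".
    if (!isset($parts['host'])) {
        return (isset($parts['scheme']) || $location[0] !== '/') ? $fallback : $location;
    }

    // Host present: it must equal the blog's host exactly (no prefix or suffix matching).
    return strcasecmp($parts['host'], $site_host) === 0 ? $location : $fallback;
}

// Constructed sample values for the backto parameter.
$site = 'blog.example';
$fallback = 'https://blog.example/wp-admin/';
$samples = [
    '/wp-admin/plugins.php',
    'https://blog.example/wp-admin/',
    'https://evil.example/login',
    '//evil.example/login',
    'https://blog.example@evil.example/',
    'https://blog.example.evil.example/',
];
foreach ($samples as $backto) {
    printf("%-38s => %s\n", $backto, example_validate_backto($backto, $site, $fallback));
}
```

The last two samples contain the blog's host name as userinfo and as a subdomain label, which is why the comparison is made on the parsed host rather than by substring match.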