Make WordPress Core

Opened 15 years ago

Closed 15 years ago

#10193 closed defect (bug) (fixed)

backto parameter used in database needs better validation

Reported by: westi Owned by: westi
Milestone: 2.8.1 Priority: normal
Severity: normal Version: 2.8
Component: Upgrade/Install Keywords:
Focuses: Cc:

Description

When the database upgrade completes you are offered a continue button to allow you to go back to where you came from.

The backto link is escaped and sanitised, but it is not validated to be for the local blog, so it could be used for a phishing-style redirect.

Attachments (3)

upgrade.diff (2.7 KB) - added by westi 15 years ago.
Fix for the issue. Creates new wp_validate_redirect function
upgrade-notice-free.diff (3.2 KB) - added by westi 15 years ago.
Also don't create a new notice
upgrade2.diff (2.8 KB) - added by westi 15 years ago.
With the typo fixed and the debug removed


Change History (10)

@westi
15 years ago

Fix for the issue. Creates new wp_validate_redirect function

#1 @Denis-de-Bernardy
15 years ago

the same applies to login/register, no?

#2 @Denis-de-Bernardy
15 years ago

also save post, etc.

#3 @westi
15 years ago

Normally the redirection is handled as a redirect using wp_safe_redirect().

Here we place it in a link which is different.
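The description and comment #3 together state the problem: the value is escaped, so it cannot break out of the attribute, but escaping says nothing about *where* it points, and because it ends up in a link rather than a Location header, wp_safe_redirect() never sees it. The following is an added illustration of the kind of host check the ticket asks for; it is example code written for this page, not the wp_validate_redirect() that changeset [11611] introduced, and the host name blog.example and the sample inputs are constructed.

```php
<?php
// Added example for this ticket page: not WordPress's own
// wp_validate_redirect() (see [11611] for that), just an illustration of the
// check the ticket asks for. A user-supplied target is accepted only when it
// stays on the local blog; anything else falls back to a known-good default.

/**
 * Return $location if it points at the local blog, otherwise $fallback.
 *
 * @param string $location   Untrusted value, e.g. the "backto" parameter.
 * @param string $local_host Host name of this blog (assumed known to the caller).
 * @param string $fallback   Known-good URL used when validation fails.
 * @return string
 */
function validate_local_redirect( $location, $local_host, $fallback ) {
    // Browsers accept backslashes where slashes are expected, so normalise
    // them before looking at the string.
    $location = str_replace( '\\', '/', trim( (string) $location ) );

    if ( '' === $location ) {
        return $fallback;
    }

    // "/path" is a site-relative path and stays local; "//host/path" is
    // protocol-relative and must be checked like an absolute URL.
    if ( '/' === $location[0] && ( ! isset( $location[1] ) || '/' !== $location[1] ) ) {
        return $location;
    }
    if ( '//' === substr( $location, 0, 2 ) ) {
        $location = 'http:' . $location;
    }

    $parts = parse_url( $location );
    if ( false === $parts ) {
        return $fallback;
    }

    // Refuse any scheme other than http/https (javascript:, data:, ...).
    if ( isset( $parts['scheme'] ) ) {
        if ( ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
            return $fallback;
        }
        // An absolute URL must carry a host; "http:foo" is too ambiguous to keep.
        if ( ! isset( $parts['host'] ) ) {
            return $fallback;
        }
    }

    // Credentials in the authority make a foreign URL look local at a glance;
    // a redirect target never needs them, so reject them outright.
    if ( isset( $parts['user'] ) || isset( $parts['pass'] ) ) {
        return $fallback;
    }

    // The host, when present, must match the local blog exactly.
    if ( isset( $parts['host'] ) && strtolower( $parts['host'] ) !== strtolower( $local_host ) ) {
        return $fallback;
    }

    return $location;
}

// Constructed sample inputs: the blog is assumed to live at blog.example.
$local_host = 'blog.example';
$fallback   = 'http://blog.example/wp-admin/';

$cases = array(
    '/wp-admin/options-general.php',         // kept: site-relative path
    'http://blog.example/wp-admin/',          // kept: same host
    'http://attacker.example/wp-admin/',      // replaced: foreign host
    '//attacker.example/wp-admin/',           // replaced: protocol-relative
    'http://blog.example@attacker.example/',  // replaced: credentials in authority
    'javascript:void(0)',                     // replaced: non-http scheme
);

foreach ( $cases as $backto ) {
    // The returned value still needs output escaping before it goes into an href;
    // validation and escaping are separate steps and neither replaces the other.
    printf( "%-40s -> %s\n", $backto, validate_local_redirect( $backto, $local_host, $fallback ) );
}
```

Run it with `php` on the command line to see which inputs survive. The design choice worth noting is the fallback: rather than stripping the offending part of the URL and hoping the remainder is harmless, a failed check discards the whole value and substitutes a destination the application already trusts, which is the same shape as passing admin_url() as the default in comment #5.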

@westi
15 years ago

Also don't create a new notice

#4 @westi
15 years ago

And yes, if you wondered the +1 is just there to help you test.

#5 @Denis-de-Bernardy
15 years ago

There is a typo. It should be:

#location = wp_validate_redirect($location, admin_url());

#6 @Denis-de-Bernardy
15 years ago

with a $ even

@westi
15 years ago

With the typo fixed and the debug removed

#7 @markjaquith
15 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11611]) Create wp_validate_redirect(), have the upgrade done link use it. props Westi. fixes #10193 for 2.8.1
