
Opened 7 years ago

Closed 7 years ago

#10193 closed defect (bug) (fixed)

backto parameter used in database needs better validation

Reported by: westi
Owned by: westi
Milestone: 2.8.1
Priority: normal
Severity: normal
Version: 2.8
Component: Upgrade/Install
Keywords:
Focuses:
Cc:

Description

When the database upgrade completes you are offered a continue button to allow you to go back where you came from.

The backto link is escaped and sanitised but it is not validated to be for the local blog, so it could be used for a phishing-style redirect.
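Added illustration, not the ticket's patch and not WordPress's own wp_validate_redirect(): the continue link as the description has it (escaped, but the destination is never checked) beside a version that only prints the backto value when it is a relative path or points at the site's own host, falling back to a hypothetical SITE_URL otherwise.

```php
<?php
// Hypothetical site URL standing in for admin_url(); constructed for this example.
const SITE_URL = 'https://example.test/wp-admin/';

// BEFORE: escaping stops HTML injection but says nothing about where the link goes.
function continue_link_unvalidated(string $backto): string {
    return '<a href="' . htmlspecialchars($backto, ENT_QUOTES, 'UTF-8') . '">Continue</a>';
}

// Return $location only if it stays on our host; otherwise return $default.
// Same idea as a "validate redirect" helper, written from scratch here.
function validate_redirect(string $location, string $default): string {
    $location = trim($location);
    // "//other.host/" is protocol-relative and would leave the site.
    if (strpos($location, '//') === 0) {
        return $default;
    }
    $parts = parse_url($location);
    if ($parts === false) {
        return $default;
    }
    // Only plain web schemes are acceptable for a link target.
    if (isset($parts['scheme']) && !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $default;
    }
    $ourHost = strtolower((string) parse_url($default, PHP_URL_HOST));
    // A path-only value has no host component and is treated as local.
    $host = strtolower($parts['host'] ?? $ourHost);
    return ($host === $ourHost) ? $location : $default;
}

// AFTER: validate first, then escape for output as before.
function continue_link_validated(string $backto): string {
    $target = validate_redirect($backto, SITE_URL);
    return '<a href="' . htmlspecialchars($target, ENT_QUOTES, 'UTF-8') . '">Continue</a>';
}

// Constructed sample inputs: two local, three that must fall back to SITE_URL.
$samples = [
    '/wp-admin/plugins.php',
    'https://example.test/wp-admin/themes.php',
    'https://attacker.example/wp-admin/',
    '//attacker.example/',
    'ftp://example.test/',
];
foreach ($samples as $in) {
    echo $in, PHP_EOL, '  unvalidated: ', continue_link_unvalidated($in), PHP_EOL;
    echo '  validated:   ', continue_link_validated($in), PHP_EOL;
}
```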

Attachments (3)

upgrade.diff (2.7 KB) - added by westi 7 years ago.
Fix for the issue. Creates new wp_validate_redirect function
upgrade-notice-free.diff (3.2 KB) - added by westi 7 years ago.
Also don't create a new notice
upgrade2.diff (2.8 KB) - added by westi 7 years ago.
With the typo fixed and the debug removed


Change History (10)

@westi
7 years ago

Fix for the issue. Creates new wp_validate_redirect function

#1 @Denis-de-Bernardy
7 years ago

the same applies to login/register, no?

#2 @Denis-de-Bernardy
7 years ago

also save post, etc.

#3 @westi
7 years ago

Normally the redirection is handled as a redirect using wp_safe_redirect().

Here we place it in a link which is different.

@westi
7 years ago

Also don't create a new notice

#4 @westi
7 years ago

And yes, if you wondered the +1 is just there to help you test.

#5 @Denis-de-Bernardy
7 years ago

There is a typo. It should be:

#location = wp_validate_redirect($location, admin_url());

#6 @Denis-de-Bernardy
7 years ago

with a $ even

@westi
7 years ago

With the typo fixed and the debug removed

#7 @markjaquith
7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11611]) Create wp_validate_redirect(), have the upgrade done link use it. props Westi. fixes #10193 for 2.8.1
