Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#10193 closed defect (bug) (fixed)

backto parameter used in database needs better validation

Reported by: westi
Owned by: westi
Milestone: 2.8.1
Priority: normal
Severity: normal
Version: 2.8
Component: Upgrade/Install
Keywords:
Focuses:
Cc:

Description

When the database upgrade completes you are offered a Continue button to allow you to go back to where you came from.

The backto link is escaped and sanitised, but it is not validated to be for the local blog, so it could be used for a phishing-style redirect.

Attachments (3)

upgrade.diff (2.7 KB) - added by westi 5 years ago.
Fix for the issue. Creates new wp_validate_redirect function
upgrade-notice-free.diff (3.2 KB) - added by westi 5 years ago.
Also don't create a new notice
upgrade2.diff (2.8 KB) - added by westi 5 years ago.
With the typo fixed and the debug removed


Change History (10)

westi 5 years ago

Fix for the issue. Creates new wp_validate_redirect function

comment:1 Denis-de-Bernardy 5 years ago

the same applies to login/register, no?

comment:2 Denis-de-Bernardy 5 years ago

also save post, etc.

comment:3 westi 5 years ago

Normally the redirection is handled as a redirect using wp_safe_redirect().

Here we place it in a link which is different.
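The check the ticket asks for, as an added example rather than WordPress's own wp_validate_redirect(): a hypothetical validate_local_redirect() helper that keeps a user-supplied backto destination only when its host matches the site's host (or it is a plain relative path) and otherwise substitutes a safe default, so the URL can be placed in a link instead of a header. It assumes PHP 7 or later and a constructed site address of https://blog.example.

```php
<?php
// Added example, not WordPress's own wp_validate_redirect(): a user-supplied
// "backto" value is kept only when it points at this site, else $default wins.
function validate_local_redirect( string $location, string $default, string $site_url ): string {
    // Drop control characters (CR/LF could split headers or markup).
    $location = preg_replace( '/[\x00-\x1f\x7f]/', '', trim( $location ) );
    // "//host" and "\\host" are protocol-relative in browsers: not local.
    if ( '' === $location || preg_match( '#^[\\\\/]{2}#', $location ) ) {
        return $default;
    }
    $site_host = strtolower( (string) parse_url( $site_url, PHP_URL_HOST ) );
    $parts     = parse_url( $location );
    if ( '' === $site_host || false === $parts ) {
        return $default;
    }
    // Only http/https may be local; javascript:, data:, mailto: never are.
    if ( isset( $parts['scheme'] )
         && ! in_array( strtolower( $parts['scheme'] ), array( 'http', 'https' ), true ) ) {
        return $default;
    }
    // No host: a plain relative path is local; a scheme without host is not.
    if ( ! isset( $parts['host'] ) ) {
        return isset( $parts['scheme'] ) ? $default : $location;
    }
    // "https://blog.example@attacker.example/" parses with user = blog.example.
    if ( isset( $parts['user'] ) || isset( $parts['pass'] ) ) {
        return $default;
    }
    return strtolower( $parts['host'] ) === $site_host ? $location : $default;
}

// Constructed inputs; the site is assumed to live at https://blog.example.
$site    = 'https://blog.example';
$default = $site . '/wp-admin/';
$samples = array(
    'https://blog.example/wp-admin/plugins.php', // kept
    '/wp-admin/themes.php',                      // kept: relative path
    'https://attacker.example/wp-login.php',     // replaced: foreign host
    '//attacker.example/',                       // replaced: protocol-relative
    'javascript:alert(1)',                       // replaced: bad scheme
    'https://blog.example@attacker.example/',    // replaced: userinfo trick
);
foreach ( $samples as $backto ) {
    $safe = validate_local_redirect( $backto, $default, $site );
    // Still escape the attribute when emitting the continue link.
    printf( '<a href="%s">Continue</a>' . "\n", htmlspecialchars( $safe, ENT_QUOTES, 'UTF-8' ) );
}
```

Escaping alone (the state the ticket describes) would have emitted every one of the foreign destinations above unchanged; the host comparison is what keeps the continue link on the local blog.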

westi 5 years ago

Also don't create a new notice

comment:4 westi 5 years ago

And yes, if you wondered, the +1 is just there to help you test.

comment:5 Denis-de-Bernardy 5 years ago

There is a typo. It should be:

#location = wp_validate_redirect($location, admin_url());

comment:6 Denis-de-Bernardy 5 years ago

with a $ even

westi 5 years ago

With the typo fixed and the debug removed

comment:7 markjaquith 5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [11611]) Create wp_validate_redirect(), have the upgrade done link use it. props Westi. fixes #10193 for 2.8.1
