WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 5 years ago

#10415 closed defect (bug) (fixed)

URL not secured in wp-trackback.php

Reported by: McGurk Owned by:
Milestone: 3.0.2 Priority: normal
Severity: normal Version:
Component: Pings/Trackbacks Keywords:
Focuses: Cc:

Description

I've found that the variable $tb_url is never escaped before it's inserted into the database. I think a $wpdb->escape is needed.

Change History (4)

comment:1 @McGurk6 years ago

  • Cc smartajonte@… added

comment:2 @azaozz6 years ago

  • Milestone Unassigned deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version 2.8.1 deleted

It's escaped properly, $wpdb->prepare() escapes it.

comment:3 @nacin5 years ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:4 @nacin5 years ago

  • Milestone set to 3.0.2
  • Resolution set to fixed
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.