Opened 14 years ago
Closed 13 years ago
#10415 closed defect (bug) (fixed)
URL not secured in wp-trackback.php
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 3.0.2 | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | Pings/Trackbacks | Keywords: | |
| Focuses: | Cc: |
Description
I've found that the variable $tb_url is never escaped before it's inserted into the database. I think a $wpdb->escape is needed.
Change History (4)
Note: See
TracTickets for help on using
tickets.
It's escaped properly,
$wpdb->prepare()escapes it.