Make WordPress Core

Opened 6 years ago

Closed 5 years ago

#10415 closed defect (bug) (fixed)

URL not secured in wp-trackback.php

Reported by: McGurk Owned by:
Milestone: 3.0.2 Priority: normal
Severity: normal Version:
Component: Pings/Trackbacks Keywords:
Focuses: Cc:


I've found that the variable $tb_url is never escaped before it's inserted into the database. I think a $wpdb->escape is needed.

Change History (4)

#1 @McGurk
6 years ago

  • Cc smartajonte@… added

#2 @azaozz
6 years ago

  • Milestone Unassigned deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version 2.8.1 deleted

It's escaped properly, $wpdb->prepare() escapes it.

#3 @nacin
5 years ago

  • Resolution invalid deleted
  • Status changed from closed to reopened

#4 @nacin
5 years ago

  • Milestone set to 3.0.2
  • Resolution set to fixed
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.