URL not secured in wp-trackback.php
|Reported by:||McGurk||Owned by:|
I've found that the variable $tb_url is never escaped before it's inserted into the database. I think a $wpdb->escape is needed.
Change History (4)
- Milestone Unassigned deleted
- Resolution set to invalid
- Status changed from new to closed
- Version 2.8.1 deleted
Note: See TracTickets for help on using tickets.