WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#11119 closed task (blessed) (fixed)

Press This Security Fix

Reported by: noel Owned by: noel
Milestone: 2.8.6 Priority: high
Severity: normal Version:
Component: Press This Keywords: press this, has-patch
Focuses: Cc:

Description

Potential XSS for logged in users.

Patch attached.

Attachments (2)

press-this-xss-bug-11-10-2009.patch (736 bytes) - added by noel 4 years ago.
fixes potential xss issue
press-this.002.diff (1.8 KB) - added by markjaquith 4 years ago.

Download all attachments as: .zip

Change History (6)

noel4 years ago

fixes potential xss issue

markjaquith4 years ago

comment:1 markjaquith4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [12168]) Prevent XSS in press-this.php. props Benjamin Flesch. fixes #11119

comment:2 markjaquith4 years ago

(In [12169]) Some extra XSS protection. Redundant, but we should always escape late! see #11119

comment:3 markjaquith4 years ago

(In [12170]) Prevent XSS in press-this.php. props Benjamin Flesch. fixes #11119 for 2.8.x

comment:4 ryan4 years ago

  • Milestone changed from 2.9 to 2.8.6
Note: See TracTickets for help on using tickets.