Make WordPress Core

Context Navigation

← Previous Ticket
Next Ticket →

Opened 15 years ago

Closed 15 years ago

#11128 closed enhancement (fixed)

QuickPress XSS fix

Reported by:	Simek	Owned by:	ryan
Milestone:	2.9	Priority:	normal
Severity:	minor	Version:	2.9
Component:	Security	Keywords:	has-patch tested
Focuses:		Cc:

Description

QuickPress XSS fix for dashboard widget.

Attachments (1)

quickpress.title.XSS.fix.patch (889 bytes) - added by Simek 15 years ago.

Download all attachments as: .zip

Change History (3)

@Simek
15 years ago

Attachment quickpress.title.XSS.fix.patch added

#1 @ryan
15 years ago

That's pulling a title from the DB that should already be sanitized. We should go ahead escape it anyway, but this doesn't seem to be very dangerous.

#2 @azaozz
15 years ago

Resolution set to fixed
Status changed from new to closed

(In [12235]) Escape $title in dashboard Recent Drafts to reveal HTML tags, props Simek, fixes #11128

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats: