Opened 14 years ago
Closed 14 years ago
#11128 closed enhancement (fixed)
QuickPress XSS fix
Reported by: | Simek | Owned by: | ryan |
---|---|---|---|
Milestone: | 2.9 | Priority: | normal |
Severity: | minor | Version: | 2.9 |
Component: | Security | Keywords: | has-patch tested |
Focuses: | Cc: |
Description
QuickPress XSS fix for dashboard widget.
Attachments (1)
Change History (3)
That's pulling a title from the DB that should already be sanitized. We should go ahead and escape it anyway, but this doesn't seem to be very dangerous.