Opened 15 years ago
Closed 14 years ago
#11514 closed enhancement (fixed)
name and class in wp_list_categories not sanitized
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 3.1 | Priority: | normal |
| Severity: | major | Version: | 3.1 |
| Component: | Taxonomy | Keywords: | has-patch dev-feedback |
| Focuses: | Cc: |
Description
In wp_dropdown_categories the attributes name and class are sanitized but not in wp_list_categories.
Attachments (2)
Change History (10)
#1
@
15 years ago
- Milestone changed from Unassigned to 3.0
- Priority changed from low to normal
- Severity changed from normal to major
Considered hardening. Considered Blocker. Even 2.8 updates consider-able. Reference: [12539]
#2
@
15 years ago
- Keywords dev-feedback added
This is actually security related and some core-devs should at least consider to take a look in this ticket. Feedback wanted.
#4
@
15 years ago
- Milestone 3.0 deleted
- Resolution set to invalid
- Status changed from new to closed
We don't use either of those attributes in wp_list_categories().
Note: See
TracTickets for help on using
tickets.
Adds sanitazition of name and class