Security Issues in class Snoopy within trunk
|Reported by:||hakre||Owned by:||ryan|
The core trunk codebase contains a class called Snoopy which has security issues (it is said). Next to this, one I found in concrete is that it does not properly fitler XML/HTML so it's open to XSS and other forms of injection.
- If the class is still in use I suggest to replace it with WP API functions (related: #8082).
- (Then,) If the class isn't any longer in use, I suggest to remove it from trunk.
- It's about time. If you do not think so, then the class should be mimicked with WP API functions.
In any case that code should be removed finally.