#12417 closed defect (bug) (fixed)
XSS in wp-admin/options.php
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | normal | Version: | 2.9.2 |
Component: | Security | Keywords: | |
Focuses: | Cc: |
Description
There are quite a few lines in there, such as:
<th scope='row'><label for='$option->option_name'>$option->option_name</label></th>
Note: See
TracTickets for help on using
tickets.
I just patched this, then realized we esc_attr() at the top of the loop, so we're secure here.
I'm going to move the esc_attr() down further so it's more obvious.