WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#13845 closed defect (bug) (fixed)

XSS/XHTML issue for edit-comments.php

Reported by: brettz95 Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version:
Component: Security Keywords: reporter-feedback
Focuses: Cc:

Description

Hi,

When viewing edit-comments.php in the admin in application/xhtml+xml mode, I get a well-formedness error which also could indicate a possible XSS vulnerability since it is apparently user content prompting the insertion of invalid markup (in my case a spammer a < symbol inside <a href="...").

While I don't have a lot of time to research what the best way to do this would be, line 584 of /wp-includes/comment_template.php has the comment_text() function which is called by line 2075 of /wp-admin/includes/template.php (inside function _wp_comment_row ) which is called in line 402 (and 408) of wp-admin/edit-comments.php when producing <tbody id="the-comment-list">.

When I use htmlspecialchars inside the comment_text function, it fixes the problem (at least for this case).

function comment_text() {

echo apply_filters('comment_text', htmlspecialchars(get_comment_text()) ); Brett added htmlspecialchars

}

Would appreciate if someone might look into this, thanks...

Change History (3)

comment:1 nacin4 years ago

  • Keywords reporter-feedback added

I don't think your well-formed error is coming from an XSS issue. comment_text gets properly sanitized going in.

comment:2 markjaquith3 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Should be fixed by [17192]

comment:3 nacin3 years ago

  • Milestone changed from Awaiting Review to 3.1
Note: See TracTickets for help on using tickets.