Make WordPress Core

Opened 14 years ago

Closed 14 years ago

Last modified 14 years ago

#14594 closed defect (bug) (fixed)

Header injection in ms-files.php?

Reported by: denis-de-bernardy's profile Denis-de-Bernardy Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version: 3.0.1
Component: Security Keywords:
Focuses: Cc:

Description

http://core.trac.wordpress.org/browser/trunk/wp-includes/ms-files.php?rev=14609#L41

Isn't there any potential to send raw, unfiltered data in this line?

Change History (4)

#1 @Denis-de-Bernardy
14 years ago

  • Resolution set to fixed
  • Status changed from new to closed

#2 @Denis-de-Bernardy
14 years ago

There might still be some potential for injections, though. Unit tests would be good...

#3 @hakre
14 years ago

Related: #14450

#4 @nacin
14 years ago

  • Milestone changed from Awaiting Review to 3.1
Note: See TracTickets for help on using tickets.