WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#14594 closed defect (bug) (fixed)

Header injection in ms-files.php?

Reported by: Denis-de-Bernardy Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version: 3.0.1
Component: Security Keywords:
Focuses: Cc:

Description

http://core.trac.wordpress.org/browser/trunk/wp-includes/ms-files.php?rev=14609#L41

Isn't there any potential to send raw, unfiltered data in this line?

Change History (4)

comment:1 Denis-de-Bernardy4 years ago

  • Resolution set to fixed
  • Status changed from new to closed

comment:2 Denis-de-Bernardy4 years ago

There might still be some potential for injections, though. Unit tests would be good...

comment:3 hakre4 years ago

Related: #14450

comment:4 nacin3 years ago

  • Milestone changed from Awaiting Review to 3.1
Note: See TracTickets for help on using tickets.