Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#18445 closed defect (bug) (fixed)

Unifiltered text can be inserted via Link Image To field when side-loading media

Reported by: DrewAPicture Owned by: azaozz
Milestone: 3.3 Priority: normal
Severity: normal Version: 3.2.1
Component: Formatting Keywords: has-patch dev-feedback
Focuses: Cc:


It looks like the replace methods were left out for f.url.value in wp-admin/includes/media.php. Thus, unfiltered text including complete javascript strings can be passed through the 'Link Image To' field when side-loading media via the 'From URL' tab. The unfiltered text is dropped untouched into the media's link tag and has potential to wreak havoc.


In posting page-> Add media > Goto 'From URL' tab > Input a url to a valid remote image > Input special characters into the 'Link Image To' field > Insert into post.

Attachments (1)

18445.diff (737 bytes) - added by DrewAPicture 7 years ago.
Remade patch root-relative at 18759

Download all attachments as: .zip

Change History (7)

#1 @DrewAPicture
7 years ago

  • Keywords has-patch added; needs-patch removed

#2 @SergeyBiryukov
7 years ago

  • Milestone changed from Awaiting Review to 3.3

#3 @DrewAPicture
7 years ago

  • Component changed from Validation to Formatting

Tested on trunk and inserted, side-loaded media URLs are now filtered as expected.

Last edited 7 years ago by DrewAPicture (previous) (diff)

#4 @DrewAPicture
7 years ago

  • Keywords dev-feedback added

7 years ago

Remade patch root-relative at 18759

#5 @nacin
7 years ago

  • Owner set to azaozz
  • Status changed from new to assigned

#6 @azaozz
7 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In [19275]:

Filter the link href when inserting external image in the editor, props DrewAPicture, fixes #18445

Note: See TracTickets for help on using tickets.