Opened 13 years ago
Closed 13 years ago
#18445 closed defect (bug) (fixed)
Unifiltered text can be inserted via Link Image To field when side-loading media
Reported by: | DrewAPicture | Owned by: | azaozz |
---|---|---|---|
Milestone: | 3.3 | Priority: | normal |
Severity: | normal | Version: | 3.2.1 |
Component: | Formatting | Keywords: | has-patch dev-feedback |
Focuses: | Cc: |
Description
It looks like the replace methods were left out for f.url.value
in wp-admin/includes/media.php. Thus, unfiltered text including complete javascript strings can be passed through the 'Link Image To' field when side-loading media via the 'From URL' tab. The unfiltered text is dropped untouched into the media's link tag and has potential to wreak havoc.
Reproduce:
In posting page-> Add media > Goto 'From URL' tab > Input a url to a valid remote image > Input special characters into the 'Link Image To' field > Insert into post.
Attachments (1)
Note: See
TracTickets for help on using
tickets.
Tested on trunk and inserted, side-loaded media URLs are now filtered as expected.