WordPress.org

Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 6 years ago

#1871 closed defect (bug) (invalid)

Redacted

Reported by: anonymous
Owned by:
Milestone:
Priority: high
Severity: normal
Version: 1.5.2
Component: Security
Keywords:
Focuses:
Cc:

Change History (4)

comment:1 @davidhouse 9 years ago

Standard policy is to email security threats to security@…, so that the problem can be tested and acted on as quickly as possible, with the minimum number of people possible getting access to the threat.

comment:2 @markjaquith 9 years ago

Seems to me that it would be better to have the urlencode() protection within the wp_redirect() function itself...

comment:3 @markjaquith 9 years ago

  • Description modified (diff)
  • Reporter ManiacSoftwareManiacsOrg deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Summary changed from XSS vulnerability through redirects to Redacted

comment:4 @markjaquith 9 years ago

Let's not give the bad guys a head start. Information has been saved and forwarded to security@…
