Make WordPress Core

Opened 19 years ago

Closed 19 years ago

Last modified 15 years ago

#1871 closed defect (bug) (invalid)

Redacted

Reported by: 's profile (none) Owned by:
Milestone: Priority: high
Severity: normal Version: 1.5.2
Component: Security Keywords:
Focuses: Cc:

Change History (4)

#1 @davidhouse
19 years ago

Standard policy is to email security threats to security@…, so that the problem can be tested and acted on as quickly as possible, with the minimum number of people possible getting access to the threat.

#2 @markjaquith
19 years ago

Seems to me that it would be better to have the urlencode() protection within the wp_redirect() function itself...

#3 @markjaquith
19 years ago

  • Description modified (diff)
  • Reporter ManiacSoftwareManiacsOrg deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Summary changed from XSS vulnerability through redirects to Redacted

#4 @markjaquith
19 years ago

Let's not give the bad guys a head start. Information has been saved and forwarded to security@…

Note: See TracTickets for help on using tickets.