Make WordPress Core

Opened 19 years ago

Closed 19 years ago

#2454 closed defect (bug) (fixed)

Comment URL not cleaned before set in cookie

Reported by: skeltoac
Owned by:
Milestone: 2.1
Priority: low
Severity: trivial
Version: 2.0.1
Component: Administration
Keywords: bg|has-patch
Focuses:
Cc:

Description

The following article claims that this is a security hole. Dougal and I disagree: you can't steal cred cookies with this vector because the URL cookie is only set in the browser of the person submitting the comment, and the affected control only appears when the visitor is not logged in. Anyway, attached is a patch to clean the URL before setting the cookie.

http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html#more-14

Attachments (1)

clean-comment-url.diff (931 bytes) - added by skeltoac 19 years ago.

Change History (3)

#1 @dougal
19 years ago

Looks good to me.

Even though it isn't a real security risk, best to clean that up, just in case. After all, it could be an issue on sites that use custom themes, or if there was a plugin that pulled the comment author cookies and displayed them blindly.

#2 @ryan
19 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [3542]) clean comment author url. fixes #2454
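
An illustration of the approach discussed in this ticket, added here as an example (it is not the attached patch or WordPress core code): clean the submitted URL before it goes into the cookie, and clean and escape it again when it is read back into the comment form. The function names, the cookie name and the sample inputs are hypothetical.

```php
<?php
// Added example; the function and cookie names are hypothetical.

// Clean a visitor-supplied URL. Returns '' unless it is an http(s) URL.
function clean_author_url(string $raw): string {
    // Drop control characters, whitespace, quotes, angle brackets, backslashes.
    $url = (string) preg_replace('/[\x00-\x20\x7F"\'<>\\\\]/', '', $raw);
    if ($url === '') {
        return '';
    }
    // No scheme at all (e.g. "example.org/blog"): assume http.
    if (!preg_match('/^[a-z][a-z0-9+.-]*:/i', $url)) {
        $url = 'http://' . $url;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $host   = parse_url($url, PHP_URL_HOST);
    if (!in_array($scheme, ['http', 'https'], true) || empty($host)) {
        return '';
    }
    return $url;
}

// Write path: clean before the value is stored in the visitor's cookie.
function remember_author_url(string $cookie, string $submitted): string {
    $clean = clean_author_url($submitted);
    if (PHP_SAPI !== 'cli' && !headers_sent()) {
        setcookie($cookie, $clean, time() + 365 * 86400, '/');
    }
    return $clean;
}

// Read path: the cookie comes back from the client, so clean it again and
// escape it for the attribute context instead of echoing it blindly.
function author_url_field(array $cookies, string $cookie): string {
    $value = clean_author_url($cookies[$cookie] ?? '');
    return '<input type="text" name="url" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed sample submissions, not taken from the ticket.
$samples = ['example.org/blog', 'javascript:alert(1)',
            'http://example.com/" onfocus="x'];
foreach ($samples as $submitted) {
    $stored = remember_author_url('comment_author_url', $submitted);
    echo author_url_field(['comment_author_url' => $stored],
                          'comment_author_url'), "\n";
}
```

Cleaning on the read path as well covers the case raised in comment #1, where a theme or plugin pulls the comment author cookie and displays it without checking it.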
