Make WordPress Core

Opened 12 years ago

Closed 11 years ago

Last modified 11 years ago

#2694 closed defect (bug) (fixed)

search query variable could use some filtering

Reported by: Denis-de-Bernardy
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.0.2
Component: Security
Keywords:
Focuses:
Cc:


At the moment, you can search for:

<a href=http://www.spammer.com>keyword</a>

And the HTML goes in and out of the search query.

Change History (2)

#1 @johnbillion
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Closing as fixed. Search terms are properly escaped.

#2 @johnbillion
11 years ago

Clarification: You should use the_search_query() to display search terms.
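
What the clarification in comment #2 looks like in a theme template, as an added example that is not part of the ticket or of WordPress's own code. It is a hypothetical `search.php` fragment that runs inside a WordPress theme; the markup, class names and sample request are assumptions.

```php
<?php
/**
 * Added example: fragment of a theme's search.php (hypothetical theme file).
 * Constructed sample request, using the input from the ticket:
 *   /?s=<a href=http://www.spammer.com>keyword</a>
 */

// BEFORE (the behaviour the ticket reports): the raw query var is echoed
// with no escaping, so the anchor tag from the request becomes a live link.
// echo 'Results for: ' . get_query_var( 's' );

// AFTER: the_search_query() echoes the term escaped for output, so the
// request above is displayed as literal text instead of markup.
?>
<h1 class="page-title">
	Results for: <?php the_search_query(); ?>
</h1>

<form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
	<!-- Attribute context: quotes are escaped too, so the term
	     cannot close the value="" attribute. -->
	<input type="search" name="s" value="<?php the_search_query(); ?>" />
	<button type="submit">Search</button>
</form>

<?php
// When the term is needed as a string rather than echoed, get_search_query()
// returns it escaped by default. Passing false returns the unescaped value,
// which must then be escaped for the context it is written into.
$term = get_search_query( false );
printf(
	'<p class="search-summary">%s</p>',
	esc_html( sprintf( 'You searched for "%s".', $term ) )
);
```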
