Opened 8 years ago

Closed 7 years ago

Last modified 7 years ago

#2694 closed defect (bug) (fixed)

search query variable could use some filtering

Reported by: Denis-de-Bernardy
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.0.2
Component: Security
Keywords:
Focuses:
Cc:

Description

At the moment, you can search for:

<a href=http://www.spammer.com>keyword</a>

And the HTML goes in and out of the search query.

Change History (2)

comment:1 johnbillion 7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Closing as fixed. Search terms are properly escaped.

comment:2 johnbillion 7 years ago

Clarification: You should use the_search_query() to display search terms.
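
The advice in comment:2, as an added example that is not part of the ticket or of WordPress core: a standalone PHP sketch that contrasts echoing the raw search term with escaping it at output time. The `render_heading_unsafe` and `render_heading_escaped` helpers are hypothetical, and `htmlspecialchars` stands in for core's escaping so the script runs outside WordPress.

```php
<?php
// Added example: runs with the PHP CLI, outside WordPress.
// Both render_* helpers are hypothetical names used for illustration.

// "Before": the raw query variable is concatenated into the page, so any
// markup in the search term is rendered by the browser.
function render_heading_unsafe(string $term): string {
    return '<h2>Search results for: ' . $term . '</h2>';
}

// "After": escape at output time. ENT_QUOTES also makes the value safe
// inside a quoted attribute such as the search box's value="...".
function render_heading_escaped(string $term): string {
    $safe = htmlspecialchars($term, ENT_QUOTES, 'UTF-8');
    return '<h2>Search results for: ' . $safe . '</h2>'
         . '<input type="text" name="s" value="' . $safe . '">';
}

// Constructed sample input: the search term from the ticket description.
$term = '<a href=http://www.spammer.com>keyword</a>';

$unsafe  = render_heading_unsafe($term);
$escaped = render_heading_escaped($term);

// The unescaped page contains a live anchor element; the escaped one does not.
if (strpos($unsafe, '<a href=') === false) {
    throw new RuntimeException('expected raw markup in the unescaped output');
}
if (strpos($escaped, '<a href=') !== false) {
    throw new RuntimeException('markup survived escaping');
}

echo $unsafe, PHP_EOL, $escaped, PHP_EOL;

// Inside a WordPress theme template, core's template tag does the escaping:
if (function_exists('the_search_query')) {
    echo '<h2>Search results for: ';
    the_search_query(); // echoes the escaped search term
    echo '</h2>', PHP_EOL;
}
```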
