3053,several bugs (including security related),Denis-de-Bernardy,,"I hired a tester to conduct a series of tests on a WP MU install, in order to check for bugs and potential XSS issues.
His job was to post the following string in every field he could access from the admin area:
And to report anything that seemed wrong. His feedback, for information:
1. Write Post:(Url:http://azmi.rehashthegame.com/wp-admin/post-new.php)
Issue: When I entered the string "" t\e's""t test in the HTML area, it displays as ""alert('hello'); te's""t test "" at the front end, and when I entered the same string in simple text fields it displays as "" t\e's""t test"", but this time no alert message appears on the screen.
2. Write Pages:(/wp-admin/post-new.php)
3. Add Category:(Url: /wp-admin/categories.php#addcat1.)
Issue: Again the same issues. No proper validation is applied on the fields, so a category without any name or any other values is successfully added to the system.
4. BlogRoll Management: (/wp-admin/link-manager.php)
Issue: Unable to select/deselect the checkbox placed at the top.
5. Add Link: (/wp-admin/link-add.php)
Issue: The form accepts blank values, and the link is added with the blank values.
Issue: While adding new users, the Email field allowed me to enter any value. The script should validate the value at the client end and, if it doesn't contain '@', display a proper message and not submit the form.
1. When I tried to search for the string "" t\e's""t test, it displays the ""Hello"" message and throws the error:
Warning: Invalid argument supplied for foreach() in /wp-admin/users.php on line 372
2. Unable to Add new User to the List.
3. No error message is displayed when I entered a weird value (xyz000) for the Email field; although the user is not created, it should display a proper message to the user.
4. The error page should be properly formatted. Right now it only displays the error message without the header and footer, which breaks the consistency of the application.
* While searching for ""azmi.ali"", the following error occurs:
Warning: Invalid argument supplied for foreach() in /wp-admin/users.php on line 372",defect (bug),closed,normal,,Administration,2.1,normal,worksforme,,,