WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#3988 closed defect (bug) (fixed)

Sanitize pagenow in admin-header.php

Reported by: xknown Owned by:
Milestone: 2.1.3 Priority: highest omg bbq
Severity: critical Version: 2.1.2
Component: Security Keywords: has-patch
Focuses: Cc:

Description

In admin-header.php there's a wp_enqueue_script call that uses the value of pagenow variable, it should be sanitized before output.

PS. Thursday I've sent to security@… a PoC that uses this variable to perform an XSS/CSRF attack.

Attachments (1)

admin-header.diff (662 bytes) - added by xknown 8 years ago.
escape pagenow value

Download all attachments as: .zip

Change History (5)

@xknown8 years ago

escape pagenow value

comment:1 @foolswisdom8 years ago

  • Priority changed from normal to highest omg bbq
  • Severity changed from normal to critical

comment:2 @charleshooper8 years ago

  • Cc charleshooper added
  • Keywords has-patch added

comment:3 @ryan8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5059]) escape pagenow. Props xknown. fixes #3988 for trunk

comment:4 @ryan8 years ago

(In [5060]) escape pagenow. Props xknown. fixes #3988 for 2.1

Note: See TracTickets for help on using tickets.