WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 5 years ago

#3990 closed defect (bug) (duplicate)

Links in titles block editing links in dashboard

Reported by: elharo
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.1.2
Component: Security
Keywords:
Focuses:
Cc:

Description

Another bug caused by markup in titles, and this one's theme-independent.

Steps to reproduce:

  1. Create a post with a title containing a link like this:

     <a href="http://www.cafeaulait.org/">Is This a Security Issue?</a>

  2. Go to the dashboard; i.e. blog/wp-admin. In the sidebar look at the POSTS. The first post should now have a link like this:

     <a href="editing link"><a href="http://www.cafeaulait.org/">Is This a Security Issue?</a></a>

This is invalid, but in most browsers the link you follow when clicking comes from the supplied title rather than the internal edit link for that post.

I've verified this in 2.0.7 and others have verified it in the 2.1.3 RC and the trunk.

I suspect the fix involves removing links, and probably all other markup from the title before sticking it in the posts sidebar on the admin page.

Still to be determined: are there other pages in the admin section that need this treatment? Can one inject JavaScript into the admin pages in this fashion?
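One way to apply the fix suggested in the description, as an added example in plain PHP (not WordPress's own code and not the change made under #3991). The function names and the edit URL are hypothetical; the title is the one from the steps to reproduce.

```php
<?php
declare(strict_types=1);

// Constructed sample: the title from the report and a hypothetical edit URL.
$post_title = '<a href="http://www.cafeaulait.org/">Is This a Security Issue?</a>';
$edit_url   = 'post.php?action=edit&post=42';

// Before: the stored title is concatenated into the edit link as-is,
// so markup in the title becomes markup in the admin page (nested anchors).
function render_edit_link_raw(string $edit_url, string $title): string
{
    return '<a href="' . $edit_url . '">' . $title . '</a>';
}

// After: the title is reduced to plain text, then HTML-encoded on output.
function render_edit_link_safe(string $edit_url, string $title): string
{
    // Remove all tags, not only <a>, as the report proposes.
    $text = strip_tags($title);
    // Decode entities left in the text so they are not double-encoded below;
    // anything that decodes to "<" or ">" is re-encoded and shown as text.
    $text = html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // A title made only of markup would leave an empty, unclickable link.
    if (trim($text) === '') {
        $text = '(no title)';
    }
    return '<a href="' . htmlspecialchars($edit_url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Check for reviewers: a correctly rendered edit link contains one anchor.
function count_anchor_tags(string $html): int
{
    return substr_count(strtolower($html), '<a ');
}

$raw  = render_edit_link_raw($edit_url, $post_title);
$safe = render_edit_link_safe($edit_url, $post_title);

echo 'raw:  ' . $raw . PHP_EOL;
echo 'safe: ' . $safe . PHP_EOL;
echo 'anchors in raw output:  ' . count_anchor_tags($raw) . PHP_EOL;
echo 'anchors in safe output: ' . count_anchor_tags($safe) . PHP_EOL;
```

The same encode-on-output step applies to every admin page that prints a post title, which is the audit the description leaves open.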

Change History (4)

comment:1 mikewp 7 years ago

  • Component changed from Administration to Security
  • Milestone changed from 2.0.10 to 2.1.3
  • Priority changed from high to normal
  • Resolution set to fixed
  • Severity changed from blocker to normal
  • Status changed from new to closed
  • Version changed from 2.0.7 to 2.1.2

see ticket 3991

comment:2 Nazgul 7 years ago

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:3 Nazgul 7 years ago

  • Resolution set to duplicate
  • Status changed from reopened to closed

Should be marked as duplicate of #3991

comment:4 Nazgul 7 years ago

  • Milestone 2.1.3 deleted