Make WordPress Core

Opened 17 years ago

Closed 17 years ago

Last modified 17 years ago

#4505 closed defect (bug) (fixed)

default theme's REQUEST_URI should be attribute_escape (d)

Reported by: whooami
Owned by:
Milestone: 2.0.11
Priority: normal
Severity: normal
Version: 2.0.10
Component: Template
Keywords:
Focuses:
Cc:


Unescaped, same as what was just fixed in 2.2.x but not yet in RC3.

<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">

I thought you were continuing to support this branch.
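
Added example, not part of the ticket and not WordPress code: the form line reported above rendered with and without attribute escaping, then parsed to show what ends up in the `action` attribute. `escape_attribute_standin()` is a hypothetical stand-in for the `attribute_escape()` call named in the ticket title, built on PHP's `htmlspecialchars()`, and the request URI is a constructed sample.

```php
<?php
// Added example; runs without WordPress. Needs PHP's DOM extension.

// Stand-in (assumption) for the attribute_escape() call named in the ticket.
function escape_attribute_standin(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Build the form tag either as reported (raw) or with the value escaped.
function form_tag(string $requestUri, bool $escape): string
{
    $action = $escape ? escape_attribute_standin($requestUri) : $requestUri;
    return '<form method="post" id="hicolor" action="' . $action . '"></form>';
}

// Parse the markup with an HTML parser and report what it contains.
function inspect_markup(string $html): array
{
    libxml_use_internal_errors(true); // the raw variant is malformed on purpose
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $form = $doc->getElementsByTagName('form')->item(0);
    return [
        'action'       => $form->getAttribute('action'),
        'extra_marker' => $doc->getElementsByTagName('i')->length > 0,
    ];
}

// Constructed request URI: the double quote ends the attribute early, and the
// harmless <i> element shows whether text after it is parsed as markup.
$requestUri = '/example-page.php?page=functions.php&x="><i>marker</i>';

foreach ([false, true] as $escape) {
    $result = inspect_markup(form_tag($requestUri, $escape));
    printf(
        "%-8s action intact: %-4s injected element parsed: %s\n",
        $escape ? 'escaped' : 'raw',
        $result['action'] === $requestUri ? 'yes' : 'no',
        $result['extra_marker'] ? 'yes' : 'no'
    );
}
```

The same comparison works as a regression check for any template that echoes a request-derived value into an attribute.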

Change History (8)

#1 @whooami
17 years ago

  • Component changed from Administration to Template

#2 @Otto42
17 years ago

  • Milestone set to 2.0.11

The change is in trac: [5680], but doesn't seem to have made it into the ZIP file on the release archive page. Don't know why, but I think that RC3 just needs to be rebuilt from SVN or something. Or go to RC4.

#3 @foolswisdom
17 years ago

  • Version set to 2.0.10

#4 @Cimmo
17 years ago

Well, if it's enough to rebuild from SVN, why are we still here with RC3?

#5 @Nazgul
17 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Fixed by r5680.

#6 @Cimmo
17 years ago

So? 2.0.11rc3 still hasn't the fix

#7 @rob1n
17 years ago

The 2.0.11 final will have it.

#8 @foolswisdom
17 years ago

  • Summary changed from default theme's functions.php inside 2.0.11 RC3 to default theme's REQUEST_URI should be attribute_escape (d)