WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#5135 closed defect (bug) (fixed)

Pages are not sanitized in wp-admin/page.php

Reported by: xknown
Owned by:
Milestone: 2.3.1
Priority: normal
Severity: normal
Version: 2.3
Component: Administration
Keywords:
Focuses:
Cc:

Description

As a consequence of #4546, page contents are not sanitized in wp-admin/page.php. This bug is present in WP 2.3 and trunk (rev 6181).

Steps to reproduce the problem:

  1. Create a new page with any title and some HTML:
    </textarea><script>alert(/Not escaped/)</script>
  2. Press the "Save and Continue Editing" button.

The attached patch adds sanitize_post to the get_page function and also escapes post_title in parent_dropdown.

Attachments (1)

sanitize_page.diff (3.1 KB) - added by xknown 7 years ago.
sanitize pages


Change History (3)

@xknown 7 years ago

sanitize pages

comment:1 @ryan 7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6184]) Add page sanitization. Props xknown. fixes #5135 for 2.3

comment:2 @ryan 7 years ago

(In [6185]) Add page sanitization. Props xknown. fixes #5135 for trunk
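The failure mode from the ticket description, as an added PHP illustration (not WordPress code and not the attached patch): stored content written verbatim into an edit form's textarea, beside the same output escaped for the HTML text context. The function names are hypothetical, and PHP's built-in htmlspecialchars stands in for WordPress's own sanitization functions.

```php
<?php
// Added illustration; not WordPress code. All function names are hypothetical.

// Unescaped: stored page content is written into the edit form verbatim,
// so a literal </textarea> in the content closes the field early and the
// rest of the content is parsed as page markup.
function render_editor_raw(string $content): string {
    return '<textarea name="content">' . $content . '</textarea>';
}

// Escaped: encode for the HTML text context before output. The browser
// decodes the entities inside the textarea, so the editor still shows and
// submits the original characters.
function render_editor_escaped(string $content): string {
    $safe = htmlspecialchars($content, ENT_QUOTES, 'UTF-8');
    return '<textarea name="content">' . $safe . '</textarea>';
}

// The same rule applies to a title used as <option> text, as in a
// parent-page dropdown.
function render_parent_option(int $id, string $title): string {
    return sprintf(
        '<option value="%d">%s</option>',
        $id,
        htmlspecialchars($title, ENT_QUOTES, 'UTF-8')
    );
}

// Regression check: the rendered field must contain exactly one closing
// textarea tag (its own) and no script element.
function field_is_contained(string $html): bool {
    return substr_count(strtolower($html), '</textarea>') === 1
        && stripos($html, '<script') === false;
}

// Test string taken from the ticket's reproduction steps.
$content = '</textarea><script>alert(/Not escaped/)</script>';

var_dump(field_is_contained(render_editor_raw($content)));
var_dump(field_is_contained(render_editor_escaped($content)));

// Constructed sample title containing markup.
echo render_parent_option(7, 'About <b>us</b>'), "\n";
```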
