Make WordPress Core

Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#5135 closed defect (bug) (fixed)

Pages are not sanitized in wp-admin/page.php

Reported by: xknown
Owned by:
Milestone: 2.3.1
Priority: normal
Severity: normal
Version: 2.3
Component: Administration
Keywords:
Focuses:
Cc:


As a consequence of #4546, page contents are not sanitized in wp-admin/page.php. This bug is present in WP 2.3 and trunk (rev 6181).

Steps to reproduce the problem:

  1. Create a new page with any title and some HTML.
    </textarea><script>alert(/Not escaped/)</script>
  2. Press "Save and Continue Editing" button.

The attached patch adds sanitize_post to the get_page function and also escapes post_title in parent_dropdown.

Attachments (1)

sanitize_page.diff (3.1 KB) - added by xknown 8 years ago.
sanitize pages
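
The failure the ticket describes, as an added example that is not part of the ticket or the attached patch: a stored page title and page content printed into an option element and a textarea, first raw and then escaped. render_edit_form(), esc() and form_is_intact() are hypothetical names, and PHP's htmlspecialchars() stands in for WordPress's own sanitize_post() filters.

```php
<?php
// Added illustration, not WordPress code. The function names and array
// keys below are hypothetical stand-ins for the page edit screen.

// Constructed sample record; post_content is the reproduction string from the ticket.
$page = [
    'post_title'   => 'About <b>us</b>',
    'post_content' => '</textarea><script>alert(/Not escaped/)</script>',
];

// Escape a value for use as element text or inside a quoted attribute.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Build the edit form. $escape = false reproduces the unsanitized output.
function render_edit_form(array $page, bool $escape): string
{
    $title   = $escape ? esc($page['post_title'])   : $page['post_title'];
    $content = $escape ? esc($page['post_content']) : $page['post_content'];

    return "<select name=\"parent_id\"><option value=\"1\">$title</option></select>\n"
         . "<textarea name=\"content\">$content</textarea>\n";
}

// A stored value must not be able to close the element it is printed in
// or introduce elements of its own.
function form_is_intact(string $html): bool
{
    return substr_count($html, '</textarea>') === 1
        && stripos($html, '<script') === false
        && stripos($html, '<b>') === false;
}

foreach ([false, true] as $escape) {
    $html = render_edit_form($page, $escape);
    printf(
        "escape=%s intact=%s\n%s\n",
        $escape ? 'yes' : 'no',
        form_is_intact($html) ? 'yes' : 'no',
        $html
    );
}
```

The browser decodes the entities when it fills the textarea, so the editor still sees the original markup as text while the form structure stays unchanged.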


Change History (3)

8 years ago

sanitize pages

#1 @ryan
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [6184]) Add page sanitization. Props xknown. fixes #5135 for 2.3

#2 @ryan
8 years ago

(In [6185]) Add page sanitization. Props xknown. fixes #5135 for trunk
