WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#5475 closed defect (bug) (invalid)

Admins not filtered

Reported by: Aen
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.3.1
Component: General
Keywords:
Focuses:
Cc:

Description

Tested on a default WP2.3.1 installation, with the default and a few other themes. No commenting plugin installed. Just fresh and new.

When submitting <textarea> and <input> in comments, the actual HTML elements show up. Ugly and probably a security risk?

You can see an example at http://aendir.com/woot/?p=1#comments

Change History (2)

comment:1 Aen 6 years ago

  • Resolution set to invalid
  • Status changed from new to closed
  • Summary changed from "[Allowed HTML tags] Textareas and Inputs allowed" to "Admins not filtered"

I realized I was posting as admin and thus I was not subjected to filtering. The tags are not allowed when I'm posting as non-admin.

comment:2 ionfish 6 years ago

  • Milestone 2.3.2 deleted