Make WordPress Core

Changes between Initial Version and Version 2 of Ticket #58305


Ignore:
Timestamp:
05/14/2023 06:39:59 AM (21 months ago)
Author:
sabernhardt
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #58305

    • Property Keywords has-patch added
    • Property Milestone changed from Awaiting Review to 6.3
    • Property Summary changed from This Dynamic Value is From the "apply_filters()" Function not Escaped While Echoing. to Login page title text is filterable but not escaped
  • Ticket #58305 – Description

    initial v2  
    11I have identified an issue with echoing a dynamic value of an HTML element in the [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-login.php#L209 /wp-login.php] file while reviewing its code. The problem is located on line 209 of the file.
    22
    3 I believe there is a potential security risk associated with this issue, as the dynamic value is being loaded from the "apply_filters()" function.
     3I believe there is a potential security risk associated with this issue, as the dynamic value is being loaded from the `apply_filters()` function.
    44
    55To ensure the security and validity of the code, it is crucial to properly escape the dynamic value and prevent any potential security vulnerabilities. Therefore, it is important to address this issue by properly escaping the value on that line.