Make WordPress Core

Opened 3 years ago

Closed 4 months ago

#58511 closed defect (bug) (fixed)

Escaping function missing in wp-trackback.php

Reported by: utsav72640
Owned by: SergeyBiryukov
Milestone: 6.9
Priority: normal
Severity: normal
Version:
Component: Pings/Trackbacks
Keywords: has-patch
Focuses: coding-standards
Cc:

Description

Escaping function missing in wp-trackback.php file.

Attachments (2)

trackback.patch (1.0 KB) - added by utsav72640 3 years ago.
wp-trackback.php
updatedtrackback.patch (1.0 KB) - added by utsav72640 3 years ago.

Change History (9)

@utsav72640
3 years ago

wp-trackback.php

#1 @ankitmaru
3 years ago

Thanks @utsav72640

Patch LGTM.

#2 @mukesh27
3 years ago

  • Keywords needs-refresh added
  • Version 6.2.2 deleted

Hi there! Thanks for the ticket and patch.

Core uses sanitize_text_field( wp_unslash( $_POST[''] ) ); instead of what you propose in your patch.

#3 @utsav72640
3 years ago

Thank you for sharing the details, @mukesh27. I have attached a new patch. Could you please review it and let me know if any changes are needed? Thanks!!!

#4 @ankitmaru
3 years ago

Great!!!! Thanks @mukesh27 for the quick review.

This ticket was mentioned in PR #9387 on WordPress/wordpress-develop by @dhruvang21.


4 months ago
#5

  • Keywords needs-refresh removed

#6 @SergeyBiryukov
4 months ago

  • Milestone changed from Awaiting Review to 6.9

#7 @SergeyBiryukov
4 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 60646:

Coding Standards: Sanitize input values in wp-trackback.php.

Follow-up to [4676], [12284], [23594], [53719].

Props utsav72640, mukesh27, ankitmaru, dhruvang21, SergeyBiryukov.
Fixes #58511.
