Context Navigation

← Previous Ticket
Next Ticket →

#6069 closed defect (bug) (fixed)

get_avatar should check size is numeric to avoid injection

Reported by:	Martin2006	Owned by:
Milestone:	2.5	Priority:	normal
Severity:	normal	Version:
Component:	General	Keywords:	has-patch
Focuses:		Cc:

Description

As get_avatar places $size inside an attribute, it should be sanitized before being written to the page to avoid XSS injection or any injection to the remote server (gravatar).

Attachments (1)

get_avatar.diff (410 bytes) - added by Martin2006 9 years ago.

Download all attachments as: .zip

Change History (3)

@Martin2006
9 years ago

Attachment get_avatar.diff added

#1 @lloydbudd
9 years ago

Milestone changed from 2.6 to 2.5

#2 @ryan
9 years ago

Resolution set to fixed
Status changed from new to closed

(In [7132]) Make sure avatar size is numeric. Props Martin2006. fixes #6069

Note: See TracTickets for help on using tickets.

Trac UI Preferences

Download in other formats:

WordPress.org

Make WordPress Core

Context Navigation

#6069 closed defect (bug) (fixed)

get_avatar should check size is numeric to avoid injection

Description

Attachments (1)

Change History (3)

@Martin2006
9 years ago

#1 @lloydbudd
9 years ago

#2 @ryan
9 years ago

Download in other formats:

Code is Poetry

WordPress.org

Make WordPress Core

Context Navigation

#6069 closed defect (bug) (fixed)

get_avatar should check size is numeric to avoid injection

Description

Attachments (1)

Change History (3)

@Martin2006 9 years ago

#1 @lloydbudd 9 years ago

#2 @ryan 9 years ago

Download in other formats:

Code is Poetry

@Martin2006
9 years ago

#1 @lloydbudd
9 years ago

#2 @ryan
9 years ago