Opened 17 years ago
Closed 17 years ago
#6069 closed defect (bug) (fixed)
get_avatar should check size is numeric to avoid injection
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | 2.5 | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | has-patch |
| Focuses: | | Cc: | |
Description
As get_avatar places $size inside an attribute, it should be sanitized before being written to the page to avoid XSS injection or any injection to the remote server (gravatar).
Attachments (1)
Change History (3)
(In [7132]) Make sure avatar size is numeric. Props Martin2006. fixes #6069
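
The numeric check this ticket asks for, shown as an added example; it is not the WordPress patch or core code. The function names, the default of 96, the Gravatar URL form and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code. Function names, the default
// size, the URL form and the sample inputs are assumptions for this example.

const DEFAULT_AVATAR_SIZE = 96; // assumed fallback size

// Before: $size is interpolated as-is into the remote URL and three attributes.
function avatar_img_unchecked(string $email, $size): string {
    $hash = md5(strtolower(trim($email)));
    $src  = "https://www.gravatar.com/avatar/{$hash}?s={$size}";
    return "<img alt='' src='{$src}' class='avatar avatar-{$size}'"
         . " height='{$size}' width='{$size}' />";
}

// After: a non-numeric size falls back to the default. is_numeric() alone
// still accepts forms such as '1e3', '1.5' or '-20', so the value is also
// cast to a non-negative integer before it reaches the markup or the URL.
function avatar_size(/* mixed */ $size): int {
    if (!is_numeric($size)) {
        return DEFAULT_AVATAR_SIZE;
    }
    return abs((int) $size);
}

function avatar_img_checked(string $email, $size): string {
    $size = avatar_size($size);
    $hash = md5(strtolower(trim($email)));
    $src  = "https://www.gravatar.com/avatar/{$hash}?s={$size}";
    return "<img alt='' src='{$src}' class='avatar avatar-{$size}'"
         . " height='{$size}' width='{$size}' />";
}

// Constructed inputs: two ordinary sizes, a value that closes the attribute
// quote, a value that appends a query parameter to the remote request, and
// two strings that is_numeric() accepts but that are not plain integers.
$samples = [96, '48', "32' data-injected='1", '64&d=extra', '1e3', '-20'];

foreach ($samples as $s) {
    echo 'size = ' . var_export($s, true) . "\n";
    echo '  unchecked: ' . avatar_img_unchecked('user@example.com', $s) . "\n";
    echo '  checked:   ' . avatar_img_checked('user@example.com', $s) . "\n";
}
```

In the unchecked output, the third sample ends the `class` attribute early and the fourth adds a parameter to the request sent to the avatar host; in the checked output both fall back to the default size.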