Make WordPress Core

Opened 10 years ago

Closed 10 years ago

#6069 closed defect (bug) (fixed)

get_avatar should check size is numeric to avoid injection

Reported by: Martin2006 Owned by:
Milestone: 2.5 Priority: normal
Severity: normal Version:
Component: General Keywords: has-patch
Focuses: Cc:


As get_avatar places $size inside an attribute, it should be sanitized before being written to the page to avoid XSS injection or any injection to the remote server (gravatar).

Attachments (1)

get_avatar.diff (410 bytes) - added by Martin2006 10 years ago.

Download all attachments as: .zip

Change History (3)

#1 @lloydbudd
10 years ago

  • Milestone changed from 2.6 to 2.5

#2 @ryan
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [7132]) Make sure avatar size is numeric. Props Martin2006. fixes #6069

Note: See TracTickets for help on using tickets.