WordPress.org
Get WordPress

Make WordPress Core

Opened 4 months ago

Closed 3 months ago

Last modified 8 weeks ago

#62434 closed defect (bug) (fixed)

Missing Escaping functionality for async-upload.php Some Variable

Reported by: shyamkariya's profile shyamkariya Owned by: sergeybiryukov's profile SergeyBiryukov
Milestone: 6.7.2 Priority: normal
Severity: normal Version: 6.6
Component: Upload Keywords: has-patch fixed-major
Focuses: administration, coding-standards Cc:

Description

Missing Escaping functionality async-upload.php file... missing Escaping functionality is $file_url.

File Location:- ...\wp-admin\async-upload.php file line number 77.

I have shared the screenshot below...

Attachments (2)

variable-missing.png (79.0 KB) - added by shyamkariya 4 months ago.
62434.patch (806 bytes) - added by pitamdey 4 months ago.
Patch for this issue

Download all attachments as: .zip

Change History (11)

@shyamkariya
4 months ago

@pitamdey
4 months ago

Patch for this issue

#1 @nareshbheda
4 months ago

  • Keywords has-patch added

#2 @ketanniruke
4 months ago

Declare this $file_url = esc_url($file_url); and check. It will work

This ticket was mentioned in Slack in #core by desrosj. View the logs.
4 months ago

#4 @desrosj
4 months ago

  • Milestone changed from Awaiting Review to 6.7.2

Introduced in 6.6 through [58279].

#5 @SergeyBiryukov
4 months ago

  • Owner set to SergeyBiryukov
  • Resolution set to fixed
  • Status changed from new to closed

In 59407:

Coding Standards: Escape attachment URL in wp-admin/async-upload.php.

Follow-up to [58279].

Props shyamkariya, pitamdey, nareshbheda, ketanniruke, desrosj.
Fixes #62434.

#6 @SergeyBiryukov
4 months ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Thanks for the ticket! Reopening for 6.7.x consideration.

#7 @desrosj
4 months ago

  • Version changed from 6.7 to 6.6

This ticket was mentioned in Slack in #core by jorbin. View the logs.
3 months ago

#9 @jorbin
3 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 59538:

Coding Standards: Escape attachment URL in wp-admin/async-upload.php.

Follow-up to [58279].

Reviewed by jorbin.
Merges [59407] to the 6.7 branch.

Props shyamkariya, pitamdey, nareshbheda, ketanniruke, desrosj, SergeyBiryukov .
Fixes #62434.

Note: See TracTickets for help on using tickets.