#9656 closed defect (bug) (worksforme)
Add missing filters for values in edit-link-category-form.php
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | major | Version: | 2.8 |
| Component: | Security | Keywords: | has-patch tested commit |
| Focuses: | | Cc: | |
Description
Add missing filters ("attribute_escape" and "wp_specialchars") for values in edit-link-category-form.php
Attachments (3)
Change History (19)
#2 @ 12 years ago
- Type changed from enhancement to defect (bug)
Insufficient attribute value escapes are a defect, not an enhancement.
#7 @ 12 years ago
Repaired the patch. This was partially already fixed in head because of the attr() run by ryan. Looks like textareas are missing; I've chosen simek's variant using wp_specialchars() for textarea content.
#10 @ 12 years ago
- Keywords tested commit added; security removed
- Severity changed from normal to major
This one is major.
#13 @ 12 years ago
get_user_to_edit() could stand to call format_to_edit() instead of wp_specialchars().
#14 @ 12 years ago
Some of the attribute escapes that got added are unnecessary since the *_to_edit() functions should take care of that.
#15 @ 12 years ago
- Milestone 2.8 deleted
- Resolution set to worksforme
- Status changed from new to closed
Oh right. After double checking, all three cases are processed already. Sorry about that.
Is wp_specialchars() suitable within a textarea? (Guess yes, but I do not properly know.)
Is the 'editable_slug' filter applicable to be used for category slugs?
If both questions can be answered with yes, I think this patch looks good. Especially the attribute_escape call is important to prevent injection issues.
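As an added illustration (not the ticket's patch and not WordPress core code), the snippet below renders the two fields the form prints, first raw and then with context-appropriate escaping, and ends with the double-encoding caveat raised in comment #14. `htmlspecialchars()` stands in for `attribute_escape()` / `wp_specialchars()`, and `$category` is constructed sample data.

```php
<?php
// Added example, not the ticket's patch or WordPress code. The *_stub functions
// are stand-ins for attribute_escape()/wp_specialchars(); $category is constructed.

// Values as they could come back from the database, unescaped.
$category = [
    'name'        => 'Bob\'s "Links" & Stuff',
    'description' => 'Bookmarks</textarea><p>no longer inside the textarea</p>',
];

// Before the patch: raw values dropped straight into the HTML.
function render_unescaped(array $c): string {
    return '<input name="name" value="' . $c['name'] . '">' . "\n"
         . '<textarea name="description">' . $c['description'] . '</textarea>';
}

// Attribute context: escape & < > " ' so the value cannot end the attribute or the tag.
function attribute_escape_stub(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Element content (textarea body): escape & < > " so "</textarea>" stays literal text.
function wp_specialchars_stub(string $s): string {
    return htmlspecialchars($s, ENT_COMPAT, 'UTF-8');
}

// After the patch: each value escaped for the context it lands in.
function render_escaped(array $c): string {
    return '<input name="name" value="' . attribute_escape_stub($c['name']) . '">' . "\n"
         . '<textarea name="description">' . wp_specialchars_stub($c['description']) . '</textarea>';
}

echo "--- before: the quote ends the attribute early, the description closes the textarea ---\n";
echo render_unescaped($category), "\n\n";
echo "--- after: both values stay inside their context ---\n";
echo render_escaped($category), "\n\n";

// Comment #14's caveat: if a *_to_edit() helper already escaped the value,
// escaping it again double-encodes it and the user sees "&amp;" in the field.
$already_escaped = wp_specialchars_stub($category['name']);
echo "double-escaped: ", attribute_escape_stub($already_escaped), "\n";
```

Run it with `php` on the command line and compare the three blocks of output; the escaped form shows `&quot;` and `&lt;/textarea&gt;` where the raw form broke out of its context.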