[wp-hackers] Bug: Every <string that is enclosed by angle brackets> is being shredded.

Alexander Orlov alexander.orlov at loxal.net
Wed Mar 28 19:07:52 GMT 2007


* Affected version: 2.1.2

* Bug: Every <string that is enclosed by angle brackets> is being shredded.

* Reason: Layout/design cracker protection.

* Conditions: The comments are being passed to the "comment slaughter"
function only IF they are posted by a user who is not logged in. In
comments of logged-in users the (X)HTML entities are replaced by the
corresponding entity names.

* (just A) solution: The function that is responsible for this comment
slaughter should be modified so that it replaces all (performance?)
existent (according to the W3C reference
http://www.w3.org/TR/xhtml-modularization/dtd_module_defs.html )
entities in the passed string. E.g.: "<" by "&lt;" and ">" by "&gt;"
etc.

-- 
Best regards / Mit besten Grüßen
Alexander Orlov
http://www.loxal.net
Hofmannstr. 29 * 91052 Erlangen * Germany
Mobile: +49 (0)1577 / 385 6 583
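
The difference between stripping and escaping that the report describes, as an added example that is not part of the original post and is not WordPress code. PHP's strip_tags() stands in for the stripping behaviour; the function names, the tag allow-list and the sample comment are assumptions constructed for illustration.

```php
<?php
// Added example, not WordPress code. Function names and the allow-list are hypothetical.

// Constructed sample comment from a visitor who is not logged in.
$comment = 'Use <em>map</em> on a List<String>, see <http://example.org/> & <script>alert(1)</script>';

// Behaviour reported in the post: anything that looks like a tag is removed,
// so "<String>" and "<http://example.org/>" silently disappear from the text.
function comment_strip(string $text): string
{
    return strip_tags($text, '<em><strong><code>');
}

// Behaviour proposed in the post: markup characters become entities.
// htmlspecialchars() also converts "&", so text such as "&lt;" typed by the
// commenter is displayed literally instead of being reinterpreted as markup.
function comment_escape(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Escape everything first, then restore only attribute-free allow-listed tags.
// Because the pattern matches nothing between the tag name and "&gt;", no
// attribute (event handler, style, URL) can survive the round trip.
function comment_escape_with_allowlist(
    string $text,
    array $allowed = ['em', 'strong', 'code']
): string {
    $escaped = comment_escape($text);
    $names   = implode('|', array_map('preg_quote', $allowed));
    return preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $escaped);
}

// Print the three results side by side for comparison.
foreach (['comment_strip', 'comment_escape', 'comment_escape_with_allowlist'] as $fn) {
    echo str_pad($fn, 30), ' => ', $fn($comment), PHP_EOL;
}
```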

