[wp-trac] Re: [WordPress Trac] #3095: Can't escape characters for
date format in Options > General
WordPress Trac
wp-trac at lists.automattic.com
Wed Oct 4 09:35:11 GMT 2006
#3095: Can't escape characters for date format in Options > General
----------------------------+-----------------------------------------------
Reporter: pandem | Owner: mdawaffe
Type: defect | Status: assigned
Priority: low | Milestone: 2.1
Component: Administration | Version: 2.1
Severity: minor | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Changes (by mdawaffe):
* milestone: => 2.1
* status: new => assigned
* owner: anonymous => mdawaffe
Comment:
wp_kses_filters() stripslashes then addslashes, so we shouldn't stripslash
stuff before it goes in.
3095.diff for trunk:
1. Moves stripslashes() to sanitize_option() cases that need them.
1. strip_tags() seems to do its job even without having first
stripslashed. Can someone confirm for the sake of security?
I did not create a patch for 2.0.5. I can if this is deemed secure.
--
Ticket URL: <http://trac.wordpress.org/ticket/3095>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list