[wp-trac] Re: [WordPress Trac] #3279: Theme doesn't load properly
when theme directory name contains a '+' sign
WordPress Trac
wp-trac at lists.automattic.com
Tue Feb 13 20:07:33 GMT 2007
#3279: Theme doesn't load properly when theme directory name contains a '+' sign
----------------------------+-----------------------------------------------
Reporter: ming | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.2
Component: Administration | Version: 2.1
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Comment (by tombarta):
why not just pass it through `rawurlencode()` when outputting to HTML and
`rawurldecode()` when pulling from input? It'll just convert it to `%2B`
in the page, it doesn't require additional rules for theme developers, and
it is indicative that there's a XSS or similar vulnerability lurking
around.
A little bit of noodling here...
{{{
shell> cp -a classic '" onclick="alert('\''Moo!'\'')"'
}}}
When I tried to select this theme from the admin interface, my browser
mooed at me.
While this may be for the most part trivial (if you can write the
wordpress files you probably have more privileges than wordpress itself
does), it does have the potential to be exploited in rare cases.
--
Ticket URL: <http://trac.wordpress.org/ticket/3279#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list