[wp-trac] Re: [WordPress Trac] #3727: WP->parse_request() won't
replace $pathinfo when $req_uri contains any %## encoding character.
WordPress Trac
wp-trac at lists.automattic.com
Sun Jun 3 12:18:27 GMT 2007
#3727: WP->parse_request() won't replace $pathinfo when $req_uri contains any %##
encoding character.
-----------------------------------------+----------------------------------
Reporter: Kirin_Lin | Owner: ryan
Type: defect | Status: reopened
Priority: normal | Milestone: 2.2.1
Component: General | Version: 2.2
Severity: blocker | Resolution:
Keywords: rewrite permalink has-patch |
-----------------------------------------+----------------------------------
Comment (by hakre):
Warning: This can be used as an attack vector on Wordpress Blogs having
pretty URLs enabled.
--
Ticket URL: <http://trac.wordpress.org/ticket/3727#comment:22>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list