[wp-trac] Re: [WordPress Trac] #3727: WP->parse_request() won't replace $pathinfo when $req_uri contains any %## encoding character.

WordPress Trac wp-trac at lists.automattic.com
Sun Jun 3 12:18:27 GMT 2007


#3727: WP->parse_request() won't replace $pathinfo when $req_uri contains any %##
encoding character.
-----------------------------------------+----------------------------------
 Reporter:  Kirin_Lin                    |        Owner:  ryan    
     Type:  defect                       |       Status:  reopened
 Priority:  normal                       |    Milestone:  2.2.1   
Component:  General                      |      Version:  2.2     
 Severity:  blocker                      |   Resolution:          
 Keywords:  rewrite permalink has-patch  |  
-----------------------------------------+----------------------------------
Comment (by hakre):

 Warning: This can be used as an attack vector on WordPress blogs having
 pretty URLs enabled.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3727#comment:22>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

