[wp-trac] [WordPress Trac] #5135: Pages are not sanitized in wp-admin/page.php

WordPress Trac wp-trac at lists.automattic.com
Tue Oct 2 23:34:10 GMT 2007

#5135: Pages are not sanitized in wp-admin/page.php
 Reporter:  xknown          |       Owner:  anonymous
     Type:  defect          |      Status:  new      
 Priority:  normal          |   Milestone:  2.3.1    
Component:  Administration  |     Version:  2.3      
 Severity:  normal          |    Keywords:           
 As a consequence of #4546, page contents are not sanitized in wp-
 admin/page.php, this bug is present in WP 2.3 and trunk (rev 6181).

 Steps to reproduce the problem:
  1. Create a new page with any title and some html.
 </textarea><script>alert(/Not escaped/)</script>
  2. Press "Save and Continue Editing" button.

 The attached patch adds `sanitize_post` to `get_page` function and also
 escapes `post_title` in `parent_dropdown`.

Ticket URL: <http://trac.wordpress.org/ticket/5135>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list