[wp-trac] [WordPress Trac] #14556: get_pagenum_link() vulnerable to XSS attacks

WordPress Trac wp-trac at lists.automattic.com
Sat Aug 7 12:34:46 UTC 2010


#14556: get_pagenum_link() vulnerable to XSS attacks
--------------------------+-------------------------------------------------
 Reporter:  guigouz       |       Owner:                   
     Type:  defect (bug)  |      Status:  new              
 Priority:  normal        |   Milestone:  Awaiting Review  
Component:  Security      |     Version:  3.0.1            
 Severity:  normal        |    Keywords:  reporter-feedback
--------------------------+-------------------------------------------------

Comment(by scribu):

 Replying to [comment:5 guigouz]:
 > If you're not using mod_rewrite, wouldn't esc_url() mess with navigation
 ?

 Nope. esc_url() is for escaping any type of URL.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14556#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list