[wp-trac] [WordPress Trac] #11774: in ms-edit.php, WPLANG site option gets updated without any validation

WordPress Trac wp-trac at lists.automattic.com
Wed Jan 6 18:51:21 UTC 2010


#11774: in ms-edit.php, WPLANG site option gets updated without any validation
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan
     Type:  defect (bug)       |      Status:  new 
 Priority:  normal             |   Milestone:  3.0 
Component:  Security           |     Version:  3.0 
 Severity:  normal             |    Keywords:      
-------------------------------+--------------------------------------------
 There is a line in there that goes:

 {{{
 update_site_option( "WPLANG", $_POST['WPLANG'] );
 }}}

 In addition to the missing sanitization, we should at least make sure the
 lang file is around.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11774>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
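
Added example, not part of the ticket and not WordPress core code: one way to do both checks the report asks for before the option is written. The helper name `validate_wplang()`, the locale pattern, and the treatment of an empty value as "default language" are assumptions made for this illustration; the sample directory and inputs are constructed.

```php
<?php
/**
 * Return the locale if it is well-formed and a matching .mo file exists in
 * $lang_dir, '' for the default language, or null if it must be rejected.
 * Hypothetical helper, not a WordPress API.
 */
function validate_wplang( $submitted, $lang_dir ) {
	if ( ! is_string( $submitted ) ) {
		return null; // e.g. WPLANG[]=x arrives as an array
	}
	if ( '' === $submitted ) {
		return ''; // assumption: an empty value selects the built-in default
	}
	// Allow-list the shape first, so characters outside the locale alphabet
	// never reach the filesystem call below. /D stops "$" from matching
	// before a trailing newline.
	if ( ! preg_match( '/^[a-z]{2,3}(?:_[A-Za-z0-9]{2,10})*$/D', $submitted ) ) {
		return null;
	}
	// "Make sure the lang file is around."
	if ( ! is_file( rtrim( $lang_dir, '/' ) . '/' . $submitted . '.mo' ) ) {
		return null;
	}
	return $submitted;
}

// Constructed sample data: a temporary language directory holding one file.
$dir = sys_get_temp_dir() . '/wplang-demo-' . uniqid();
mkdir( $dir );
touch( $dir . '/fr_FR.mo' );

// Constructed inputs: installed, well-formed but missing, and malformed.
$samples = array( 'fr_FR', 'de_DE', 'fr_FR.mo', "fr_FR\n", 'not a locale', array( 'fr_FR' ), '' );
foreach ( $samples as $value ) {
	$ok = validate_wplang( $value, $dir );
	printf( "%-14s => %s\n", json_encode( $value ), null === $ok ? 'rejected' : "accepted ('$ok')" );
	// In ms-edit.php the write would be gated on this result:
	// if ( null !== $ok ) { update_site_option( 'WPLANG', $ok ); }
}

unlink( $dir . '/fr_FR.mo' );
rmdir( $dir );
```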

