[wp-trac] [WordPress Trac] #11778: ms-edit.php updates options without the slightest sanitization or unslashing
WordPress Trac
wp-trac at lists.automattic.com
Wed Jan 6 19:47:37 UTC 2010
#11778: ms-edit.php updates options without the slightest sanitization or unslashing
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Multisite | Version: 3.0
Severity: major | Keywords:
-------------------------------+--------------------------------------------
We're at least missing a call to strip_slashes_deep() over in:
{{{
foreach ( (array) $_POST['option'] as $key => $val ) {
	if( $key === 0 )
		continue; // Avoids "0 is a protected WP option and may not be modified" error when edit blog options
	if( $c == $count ) {
		update_option( $key, $val );
	} else {
		update_option( $key, $val, false ); // no need to refresh blog details yet
	}
	$c++;
}
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11778>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
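
The missing unslashing step in isolation, as an added example that is not from the ticket or from WordPress core: WordPress adds slashes to `$_POST` at load time, so values handed straight to `update_option()` are stored with the extra backslashes. `demo_unslash_deep()`, `demo_save_options()`, the `$allowed` list and the `$store` array (standing in for the options table) are hypothetical names, the allowlist is an assumed form of the sanitization the ticket title asks for, and the sample input is constructed.

```php
<?php
// Added illustration, not WordPress core code. Hypothetical names:
// demo_unslash_deep(), demo_save_options(), $allowed, $store.

// Remove one level of backslash escaping from a string or nested array.
function demo_unslash_deep( $value ) {
	if ( is_array( $value ) ) {
		return array_map( 'demo_unslash_deep', $value );
	}
	return is_string( $value ) ? stripslashes( $value ) : $value;
}

// Unslash the posted options, then store only keys on the allowlist.
// $store stands in for the options table; returns the keys that were refused.
function demo_save_options( $posted, array $allowed, array &$store ) {
	$refused = array();
	foreach ( (array) demo_unslash_deep( $posted ) as $key => $val ) {
		if ( ! in_array( $key, $allowed, true ) ) {
			$refused[] = $key;
			continue;
		}
		$store[ $key ] = $val;
	}
	return $refused;
}

// Constructed input: what $_POST['option'] looks like after WordPress has
// slashed it (addslashes() here plays the role of that step).
$posted = array(
	'blogname'        => addslashes( 'Denis\' "test" blog' ),
	'blogdescription' => addslashes( 'C:\\path' ),
	'not_on_the_list' => 'x',
);

// Behaviour reported in the ticket: the slashed value is stored as-is.
$raw_store = array();
foreach ( $posted as $key => $val ) {
	$raw_store[ $key ] = $val;
}

// With unslashing and an allowlist.
$clean_store = array();
$refused     = demo_save_options( $posted, array( 'blogname', 'blogdescription' ), $clean_store );

var_dump( $raw_store['blogname'], $clean_store['blogname'], $refused );
```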