[wp-trac] [WordPress Trac] #11932: Strip Shortcodes from untrusted comment authors

WordPress Trac wp-trac at lists.automattic.com
Mon Jan 18 11:44:14 UTC 2010


#11932: Strip Shortcodes from untrusted comment authors
--------------------------+-------------------------------------------------
 Reporter:  kdzwinel      |        Owner:  ryan   
     Type:  defect (bug)  |       Status:  closed 
 Priority:  normal        |    Milestone:         
Component:  Security      |      Version:  2.9.1  
 Severity:  normal        |   Resolution:  invalid
 Keywords:                |  
--------------------------+-------------------------------------------------
Changes (by miqrogroove):

  * keywords:  xss,kaltura =>
  * status:  reopened => closed
  * resolution:  => invalid
  * milestone:  2.9.2 =>


Comment:

 I agree with scribu on this one.  shortcodes.php only hooks the_content().
 Shortcodes are already ignored in all comments.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11932#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list