[wp-trac] [WordPress Trac] #13377: Add more sanitization in _cleanup_header_comment

WordPress Trac wp-trac at lists.automattic.com
Thu May 13 18:51:16 UTC 2010


#13377: Add more sanitization in _cleanup_header_comment
--------------------------+-------------------------------------------------
 Reporter:  seanklein     |       Owner:  ryan          
     Type:  defect (bug)  |      Status:  new           
 Priority:  normal        |   Milestone:  Future Release
Component:  Security      |     Version:  3.0           
 Severity:  normal        |    Keywords:                
--------------------------+-------------------------------------------------
 The _cleanup_header_comment function is used in multiple places, but one
 in particular can cause some problems on the Page edit screen (or any
 screen that uses page templates).  The get_page_templates function (which
 gets the list of page templates to display in a <select> box on the page
 edit screen) uses to cleanup the page templates retrieved from a file.

 Unfortunately the function does not sanitize enough, and if (for instance)
 JavaScript existed in the page template name it would be run on the Page
 Edit screen.

 To test, add some JavaScript (with <script> tags) to the "Template Name:"
 line of a page template, and load the Page edit screen.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13377>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list