[wp-trac] [WordPress Trac] #17779: Add some casts in Custom_Image_Header

WordPress Trac wp-trac at lists.automattic.com
Mon Jun 13 07:36:22 UTC 2011


#17779: Add some casts in Custom_Image_Header
--------------------------+-----------------------------
 Reporter:  xknown        |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Themes        |    Version:
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 The step_3 method of the Custom_Image_Header class does not sanitize the
 input data. One can pass, for example, any value in
 {{{$_POST['attachment_id']}}} (even a URL), which can cause memory
 consumption problems in multisite environments.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17779>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
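
An added example, not part of the ticket or of WordPress core: one way to validate the `attachment_id` request value before it is used, stricter than the integer cast the ticket title proposes. The function name `example_get_attachment_id` and the sample inputs are hypothetical.

```php
<?php
// Added illustration; not WordPress core code. Names here are hypothetical.

/**
 * Return a positive integer attachment ID from request data, or 0 when the
 * value is missing, an array, a URL, negative, or otherwise not a plain ID.
 */
function example_get_attachment_id(array $post): int
{
    $raw = $post['attachment_id'] ?? null;

    // Arrays (attachment_id[]=...) and other non-scalars are never valid IDs.
    if (!is_string($raw) && !is_int($raw)) {
        return 0;
    }

    // FILTER_VALIDATE_INT rejects "http://...", "12abc", "1e9" and anything
    // below min_range. A bare (int) cast would turn "12abc" into 12.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    return $id === false ? 0 : $id;
}

// Constructed sample inputs.
$samples = [
    ['attachment_id' => '42'],
    ['attachment_id' => 'http://example.com/large-file.jpg'],
    ['attachment_id' => ['1', '2']],
    ['attachment_id' => '12abc'],
    ['attachment_id' => '-5'],
    [],
];

foreach ($samples as $post) {
    $id = example_get_attachment_id($post);
    if ($id === 0) {
        // Stop here, before any attachment lookup or image processing.
        echo 'rejected: ' . json_encode($post) . PHP_EOL;
        continue;
    }
    echo "accepted attachment ID {$id}" . PHP_EOL;
}
```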