[wp-trac] [WordPress Trac] #3329: Need to strip % from the auto-permalink in the editor.
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 6 07:06:38 UTC 2012
#3329: Need to strip % from the auto-permalink in the editor.
---------------------------+-----------------------------
 Reporter:  Heyneken       |       Owner:  pishmishy
     Type:  defect (bug)   |      Status:  accepted
 Priority:  normal         |   Milestone:  Future Release
Component:  Editor         |     Version:  2.0.5
 Severity:  normal         |  Resolution:
 Keywords:  needs-refresh  |
---------------------------+-----------------------------
Comment (by miqrogroove):
thee17, if you are still testing, could you also check what happens if you
manually edit the slug and put a % in it? Because, if the %2f or %25 or
whatever can still be injected, then it is not adequate to just strip in
the slug generator; it would also be necessary to either strip or encode
the manual inputs for any new slug.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/3329#comment:20>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
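
The point raised in the comment above, as an added example that is not part of the original message and is not WordPress core code: one normalisation routine shared by the auto-generated and the manually edited slug path, so `%2f`, `%25` and double-encoded forms are handled the same way on both. The function names and the ASCII-only character set are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not WordPress core functions.

/** Normalise a slug so that no '%' or decoded separator survives. */
function normalize_slug(string $raw): string
{
    $slug = $raw;
    // Decode repeatedly (bounded) so double-encoded input such as %252f
    // cannot turn back into %2f when something downstream decodes it again.
    for ($i = 0; $i < 5; $i++) {
        $decoded = rawurldecode($slug);
        if ($decoded === $slug) {
            break;
        }
        $slug = $decoded;
    }
    $slug = strtolower($slug);
    // Assumption: ASCII-only slugs. Anything outside [a-z0-9_-], including
    // a leftover '%' and a decoded '/', collapses into a single hyphen.
    $slug = preg_replace('/[^a-z0-9_-]+/', '-', $slug);
    $slug = preg_replace('/-{2,}/', '-', $slug);
    return trim($slug, '-');
}

/** Path 1: slug generated automatically from the post title. */
function slug_from_title(string $title): string
{
    return normalize_slug($title);
}

/** Path 2: slug typed by the user; falls back to the title if nothing is left. */
function slug_from_manual_edit(string $input, string $title): string
{
    $slug = normalize_slug($input);
    return $slug !== '' ? $slug : slug_from_title($title);
}

// Constructed sample inputs covering both entry points.
$title = '100% Pure / Fresh';
printf("%-16s => %s\n", 'title', slug_from_title($title));
foreach (['my%2fslug', 'a%25b', 'x%252fy', '%%%'] as $manual) {
    printf("%-16s => %s\n", $manual, slug_from_manual_edit($manual, $title));
}
```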