[wp-trac] [WordPress Trac] #21523: Add additional escaping to credit.php

WordPress Trac wp-trac at lists.automattic.com
Sun Sep 16 16:02:06 UTC 2012


#21523: Add additional escaping to credit.php
--------------------------+--------------------
 Reporter:  Viper007Bond  |       Owner:
     Type:  enhancement   |      Status:  new
 Priority:  normal        |   Milestone:  3.5
Component:  Security      |     Version:  3.4.1
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+--------------------

Comment (by nacin):

 esc_url()'s seem fine. We send back entities for some names, though, and I
 would want to make sure that we aren't stomping any future solution to
 solve encoding issues — #17487.

 If wordpress.org were somehow compromised, I feel like XSS on the credits
 page would be our __least__ concern.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21523#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

