[wp-trac] [WordPress Trac] #27099: Input validation on wp-includes/ms-blogs.php in line 52
WordPress Trac
noreply at wordpress.org
Tue Feb 11 21:09:10 UTC 2014
#27099: Input validation on wp-includes/ms-blogs.php in line 52
--------------------------+-----------------------------
Reporter: OswaldoMG | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
Improper neutralization of directives in dynamically evaluated code.
Those lines of code allow user-controlled input to be fed directly into a
function (e.g. "eval") that dynamically evaluates and executes the input
as code, usually in the same interpreted language that the product uses.
Found by a static analysis application.
function get_blogaddress_by_name( $blogname ) {
    if ( is_subdomain_install() ) {
        // Subdomain install: the blog name becomes a subdomain of the network home URL.
        if ( $blogname == 'main' )
            $blogname = 'www';
        $url = rtrim( network_home_url(), '/' );
        if ( !empty( $blogname ) )
            $url = preg_replace( '|^([^\.]+://)|', "\${1}" . $blogname . '.', $url );
    } else {
        // Subdirectory install: the blog name is a path segment under the network home URL.
        $url = network_home_url( $blogname );
    }
    return esc_url( $url . '/' );
}
Recommendations: Do not allow untrusted input to be evaluated or
otherwise interpreted as code.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27099>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
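The recommendation above ("do not allow untrusted input to be evaluated or otherwise interpreted as code") can be applied structurally: validate the blog name against the character set a DNS label may contain, and append it through preg_replace_callback, whose return value is inserted as a plain string rather than going through preg_replace's replacement-template parsing (where $n and \n denote backreferences). The following is an added example written for this page; it is not WordPress core code and not a patch proposed on the ticket. The function name blogaddress_for_subdomain and the stub network_home_url_stub are assumptions so the script runs without WordPress loaded; esc_url is omitted for the same reason.

```php
<?php
// Added example, not WordPress core code. Stand-in for network_home_url()
// so the file runs stand-alone (hypothetical value).
function network_home_url_stub() {
    return 'https://example.net/';
}

// Hypothetical hardened variant of the subdomain branch of
// get_blogaddress_by_name(): the blog name is checked against an allowlist
// and concatenated inside a callback, so it is never part of a
// preg_replace replacement template.
function blogaddress_for_subdomain( $blogname, $network_home ) {
    if ( $blogname === 'main' ) {
        $blogname = 'www';
    }

    // Allowlist: a DNS label may only contain lowercase letters, digits and
    // hyphens. Reject anything else instead of building a URL from it.
    if ( $blogname !== '' && ! preg_match( '/^[a-z0-9-]+$/', $blogname ) ) {
        return null;
    }

    $url = rtrim( $network_home, '/' );
    if ( $blogname !== '' ) {
        // The callback returns "<scheme>://<blogname>." as an ordinary string;
        // no backreference parsing is applied to the blog name.
        $url = preg_replace_callback(
            '|^([^.]+://)|',
            function ( $m ) use ( $blogname ) {
                return $m[1] . $blogname . '.';
            },
            $url
        );
    }
    return $url . '/';
}

// Constructed inputs for demonstration: the first two are accepted, the
// third is rejected by the allowlist, the empty name yields the network home.
$cases = array( 'main', 'blog-one', 'bad$1name', '' );
foreach ( $cases as $name ) {
    var_dump( blogaddress_for_subdomain( $name, network_home_url_stub() ) );
}
```

Run with `php example.php`; the first two inputs produce https://www.example.net/ and https://blog-one.example.net/, the third returns NULL, and the empty name returns https://example.net/. In a real WordPress context the result would still be passed through esc_url() as the original function does.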