[wp-trac] [WordPress Trac] #27099: Input validation on wp-includes/ms-blogs.php in line 52

WordPress Trac noreply at wordpress.org
Tue Feb 11 21:15:58 UTC 2014


#27099: Input validation on wp-includes/ms-blogs.php in line 52
--------------------------+------------------------------
 Reporter:  OswaldoMG     |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  trunk
 Severity:  normal        |  Resolution:
 Keywords:                |     Focuses:
--------------------------+------------------------------
Description changed by ocean90:

Old description:

> Improper neutralization of directives in dynamically evaluated code.
>
> Those lines of code allow user-controlled input to be fed directly into a
> function (e.g. "eval") that dynamically evaluates and executes the input
> as code, usually in the same interpreted language that the product uses.
>
> Found by a static analysis application.
>
> function get_blogaddress_by_name( $blogname ) {
>         if ( is_subdomain_install() ) {
>                 if ( $blogname == 'main' )
>                         $blogname = 'www';
>                 $url = rtrim( network_home_url(), '/' );
>                 if ( !empty( $blogname ) )
>                         $url = preg_replace( '|^([^\.]+://)|', "\${1}" . $blogname . '.', $url );
>         } else {
>                 $url = network_home_url( $blogname );
>         }
>         return esc_url( $url . '/' );
> }
>
> Recommendations:  Do not allow untrusted input to be evaluated or
> otherwise interpreted as code.

New description:

 Improper neutralization of directives in dynamically evaluated code.

 Those lines of code allow user-controlled input to be fed directly into a
 function (e.g. "eval") that dynamically evaluates and executes the input
 as code, usually in the same interpreted language that the product uses.

 Found by a static analysis application.

 {{{
 function get_blogaddress_by_name( $blogname ) {
         if ( is_subdomain_install() ) {
                 if ( $blogname == 'main' )
                         $blogname = 'www';
                 $url = rtrim( network_home_url(), '/' );
                 if ( !empty( $blogname ) )
                         $url = preg_replace( '|^([^\.]+://)|', "\${1}" . $blogname . '.', $url );
         } else {
                 $url = network_home_url( $blogname );
         }
         return esc_url( $url . '/' );
 }
 }}}


 Recommendations:  Do not allow untrusted input to be evaluated or
 otherwise interpreted as code.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/27099#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
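The following is an added example, not code from the ticket or from WordPress. It isolates the `preg_replace()` call from the `get_blogaddress_by_name()` snippet above and runs it over constructed blog names, so the reader can see what the `"${1}"` backreference does with user-controlled input. Without the `/e` modifier (deprecated in PHP 5.5, removed in PHP 7.0) the replacement argument of `preg_replace()` is a template, not code: `${1}` and `$1` expand to the text captured by group 1, a backslash escapes the next character, and every other character is copied verbatim. The `NETWORK_HOME` value, the `prefix_host()` wrapper and the `is_plain_label()` allowlist check are assumptions made for this example; WordPress's own blog-name validation is not shown here.

```php
<?php
// Added example, not WordPress code: isolates the preg_replace() call from
// the ticket's get_blogaddress_by_name() snippet and runs it on constructed
// inputs. Without the /e modifier the replacement string is a template:
// "${1}" (and "$1") expand to capture group 1, a backslash escapes the next
// character, and everything else is copied verbatim. $blogname is never
// parsed or executed as PHP.

// Constructed stand-in for rtrim( network_home_url(), '/' ).
const NETWORK_HOME = 'http://example.com';

// The exact pattern and replacement from the ticket's snippet (hypothetical wrapper name).
function prefix_host( $blogname, $url ) {
    return preg_replace( '|^([^\.]+://)|', "\${1}" . $blogname . '.', $url );
}

// Hypothetical allowlist check, not WordPress's own validation: only lowercase
// letters, digits and hyphens should reach the replacement template.
function is_plain_label( $blogname ) {
    return preg_match( '/^[a-z0-9-]+$/', $blogname ) === 1;
}

// Constructed sample inputs, including strings a scanner might flag.
$samples = array(
    'www',                 // what the snippet turns 'main' into
    'my-blog',
    '<?php echo "x"; ?>',  // PHP source text: copied into the host label, never run
    'a$1b',                // "$1" is a backreference token in the template
);

foreach ( $samples as $blogname ) {
    printf( "%-22s allowed=%-3s => %s\n",
        var_export( $blogname, true ),
        is_plain_label( $blogname ) ? 'yes' : 'no',
        prefix_host( $blogname, NETWORK_HOME ) );
}
```

Running this shows that the PHP source text sample lands verbatim inside the host name, which is a string-building outcome, not evaluation. The `a$1b` sample shows the one template behaviour worth a caveat: because the blog name is concatenated into the replacement string, a `$1` sequence inside it is expanded as a second copy of the captured scheme. An allowlist such as `is_plain_label()` applied before the substitution rules out both cases.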

