[wp-trac] [WordPress Trac] #28699: \0 (backslash+zero) gets stripped from post content for users without "unfiltered_html"
WordPress Trac
noreply at wordpress.org
Tue Jul 1 18:44:48 UTC 2014
#28699: \0 (backslash+zero) gets stripped from post content for users without
"unfiltered_html"
------------------------------------------+------------------
Reporter: azaozz | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.0
Component: Formatting | Version: 1.0
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+------------------
Comment (by miqrogroove):
A secondary concern would be that the kses filter incorrectly removes
multiple chars from the middle of user input. This could be exploited to
form other unwanted strings, including {{{\0}}} itself by simply
re-encoding as {{{\\00}}}.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/28699#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
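
The concern raised in the comment above, as an added example that is not part of the original message and is not WordPress core code: strip_once() is a hypothetical single-pass filter that deletes the two-character sequence backslash+zero, and strip_until_stable() is a hypothetical variant that repeats the pass until the string stops changing. The sample inputs are constructed.

```php
<?php
// Added illustration; not WordPress core code. Function names are hypothetical.

const BAD = '\\0'; // two characters: a backslash followed by a zero

function strip_once(string $s): string {
    // One left-to-right pass. Text joined together by a removal is never
    // re-examined, so a new BAD sequence can appear in the result.
    return str_replace(BAD, '', $s);
}

function strip_until_stable(string $s): string {
    // Repeat the pass until it changes nothing, so sequences formed by an
    // earlier removal are removed as well.
    do {
        $before = $s;
        $s = str_replace(BAD, '', $s);
    } while ($s !== $before);
    return $s;
}

// Constructed sample inputs (PHP single-quoted: '\\' is one backslash).
$samples = [
    'plain text',   // nothing to strip
    'a\\0b',        // a\0b
    '\\\\00',       // \\00   (the re-encoding named in the comment)
    '\\\\\\000',    // \\\000 (the same idea nested once more)
];

foreach ($samples as $in) {
    $once = strip_once($in);
    printf(
        "%-10s once=%-8s residual=%-3s stable=%s\n",
        $in,
        "'" . $once . "'",
        strpos($once, BAD) !== false ? 'yes' : 'no',
        "'" . strip_until_stable($in) . "'"
    );
}
```

Any input where "residual" is "yes" is one where the single pass produced the very sequence it was meant to remove. Looping to a fixed point closes that gap but still deletes characters from the middle of user input, which is the behaviour this ticket reports as a defect.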