[wp-trac] [WordPress Trac] #57336: Sanitize url and title missing
WordPress Trac
noreply at wordpress.org
Mon Aug 21 15:28:27 UTC 2023
#57336: Sanitize url and title missing
--------------------------------+---------------------------
 Reporter:  rafiq91             |       Owner:  rajinsharwar
     Type:  defect (bug)        |      Status:  assigned
 Priority:  normal              |   Milestone:  6.4
Component:  Networks and Sites  |     Version:
 Severity:  major               |  Resolution:
 Keywords:  has-patch           |     Focuses:  multisite
--------------------------------+---------------------------
Changes (by costdev):
* keywords: has-patch 2nd-opinion => has-patch
* focuses: privacy => multisite
* component: Login and Registration => Networks and Sites
Comment:
Thanks @rajinsharwar!
Indeed, escaping was intended - see the second item in
[https://core.trac.wordpress.org/ticket/11644#comment:81 this comment] -
but looks like it wasn't added.
Most other uses of `network_site_url()` are escaped in Core, and I don't
see why these cases would be an exception.
I've left a comment on
[https://github.com/WordPress/wordpress-develop/pull/5046 PR 5046] about
some additional URL escaping needed, and
whether we should expand the scope of this ticket and PR to handle other
escaping in this file.
-----
- Updating the component to `Networks and Sites` and adding `multisite`
focus, as this file is specifically for Multisite.
- Removing `privacy` as the proposed change does not affect privacy.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57336#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform