[wp-trac] [WordPress Trac] #57336: Escape missing URLs and HTML element content in wp-activate.php (was: Sanitize url and title missing)
WordPress Trac
noreply at wordpress.org
Fri Oct 13 21:39:32 UTC 2023
#57336: Escape missing URLs and HTML element content in wp-activate.php
----------------------------------------+---------------------------
Reporter: rafiq91 | Owner: rajinsharwar
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 6.4
Component: Networks and Sites | Version:
Severity: major | Resolution:
Keywords: has-patch has-testing-info | Focuses: multisite
----------------------------------------+---------------------------
Changes (by rajinsharwar):
* keywords: has-patch needs-testing needs-testing-info => has-patch has-testing-info
Old description:
> 1. The login title in wp-login.php is not sanitized properly
> https://prnt.sc/MJLEeeUWf7BE
> 2. Network site URL is also not properly sanitized
> https://prnt.sc/6rFVD0ClxbO-
New description:
In the wp-activate.php file,
1. We have some unescaped instances of the "network_site_url()" function.
2. We have some unescaped URLs being used.
3. We have some unescaped HTML element content.
This ticket escapes the missing unescaped instances.
--
Comment:
Hi @nicolefurlan @oglekler, updated the title and description for the
ticket. :)
Let me know if I missed anything.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57336#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform