[wp-trac] [WordPress Trac] #3053: several bugs (including security related)

WordPress Trac wp-trac at lists.automattic.com
Sat Aug 19 18:36:40 GMT 2006


#3053: several bugs (including security related)
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  anonymous
     Type:  defect             |      Status:  new      
 Priority:  normal             |   Milestone:           
Component:  Administration     |     Version:           
 Severity:  normal             |    Keywords:           
-------------------------------+--------------------------------------------
 I hired a tester to conduct a series of tests on a WP MU install, in order
 to check for bugs and potential XSS issues.

 His job was to post the following string in every field he could access
 from the admin area:

 {{{
 <script>alert('hello');</script> t\e's"t <i>test</i>
 }}}

 And to report anything that seemed wrong. His feedback, for information:

 -----

 1. Write Post: (URL: http://azmi.rehashthegame.com/wp-admin/post-new.php)

 Issue: When I entered the string "<script>alert('hello');</script>
 t\e's"t <i>test</i>" in the HTML area, it displayed as "alert('hello');
 te's"t test" on the front end, and when I entered the same string in simple
 text fields it displayed as "<script>alert('hello');</script> t\e's"t
 <i>test</i>", but this time no alert message appeared on the screen.

 2. Write Pages: (/wp-admin/post-new.php)

 Issue: When I hit the "Save" button without providing any values, the page
 was created with blank values. We should validate this with JavaScript
 which checks whether the values are blank, so that the form is not posted.


 3. Add Category: (URL: /wp-admin/categories.php#addcat1)

 Issue: Again the same issues. No proper validation is applied to the
 fields, so a category without any name or any other values is
 successfully added to the system.


 4. BlogRoll Management: (/wp-admin/link-manager.php)

 Issue: Not able to select/deselect the checkbox placed at the top.

 5. Add Link: (/wp-admin/link-add.php)

 Issue: The form accepts blank values, and the link is added with blank
 values.


 6. Users:

 Issue: While adding new users, the Email field allowed me to enter any
 value. The script should validate the value at the client end and, if it
 doesn't contain '@', it should display a proper message and the form should
 not be submitted.


 Functional Issues:

 Users:

 1. When I tried to search for the script "<script>alert('hello');</script>
 t\e's"t <i>test</i>", it displayed the "Hello" message and threw the error:

 Warning: Invalid argument supplied for foreach() in /wp-admin/users.php on
 line 372

 2. Unable to add a new user to the list.

 3. No error message was displayed when I entered a weird value (xyz000) in
 the Email field; although the user is not created, it should display a
 proper message to the user.

 4. The error page should be properly formatted. Right now it only displays
 the error message without the header and footer, which breaks the
 consistency of the application.

 (/wp-admin/profile-update.php)


 * While searching for "azmi.ali", the error below occurs:

 Warning: Invalid argument supplied for foreach() in /wp-admin/users.php on
 line 372

-- 
Ticket URL: <http://trac.wordpress.org/ticket/3053>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
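As an added illustration (not code from the ticket or from WordPress, whose admin is PHP), a Python sketch of the two defects the tester hit in the users.php search: a naive renderer that reflects the probe string unescaped, next to one that HTML-escapes the term and tolerates an empty result set (the situation behind the "Invalid argument supplied for foreach()" warning), plus a check that automates what the tester verified by eye. The function names and the result-set shape are assumptions.

```python
import html
from typing import Iterable, Optional

# Constructed: the exact probe string the tester posted into every admin field.
PROBE = "<script>alert('hello');</script> t\\e's\"t <i>test</i>"


def escape_for_html(value: str) -> str:
    """Escape text so it is inert in HTML body and attribute context."""
    return html.escape(value, quote=True)


def render_user_search_unsafe(term: str, matches: Iterable[str]) -> str:
    """Defective renderer: interpolates the raw search term into the page,
    so the <script> tag in PROBE is echoed back and executes."""
    items = "".join(f"<li>{login}</li>" for login in matches)
    return f"<p>Results for: {term}</p>\n<ul>{items}</ul>"


def render_user_search(term: str, matches: Optional[Iterable[str]]) -> str:
    """Hardened renderer: escapes the term and every result, and treats a
    missing result set (None, as a failed lookup might return) as zero rows
    instead of iterating over a non-iterable."""
    rows = [] if matches is None else list(matches)
    items = "".join(f"<li>{escape_for_html(login)}</li>" for login in rows)
    return f"<p>Results for: {escape_for_html(term)}</p>\n<ul>{items}</ul>"


def reflected_unescaped(page: str, probe: str) -> bool:
    """True when the probe appears verbatim in the response, i.e. the
    markup survived to the browser; this is the tester's manual check."""
    return probe in page


if __name__ == "__main__":
    print("unsafe reflects probe:",
          reflected_unescaped(render_user_search_unsafe(PROBE, ["azmi.ali"]), PROBE))
    print("hardened reflects probe:",
          reflected_unescaped(render_user_search(PROBE, None), PROBE))
```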