[wp-trac] Re: [WordPress Trac] #4720: Users without unfiltered_html
capability can post arbitrary html
WordPress Trac
wp-trac at lists.automattic.com
Tue Aug 14 20:41:22 GMT 2007
#4720: Users without unfiltered_html capability can post arbitrary html
-----------------------+----------------------------------------------------
Reporter: xknown | Owner: anonymous
Type: defect | Status: closed
Priority: high | Milestone:
Component: Security | Version: 2.2.2
Severity: major | Resolution: invalid
Keywords: has-patch |
-----------------------+----------------------------------------------------
Changes (by Otto42):
* status: new => closed
* resolution: => invalid
* milestone: 2.2.3 =>
Comment:
I just checked out a fresh copy of trunk from svn and the text "no_filter"
does not appear anywhere in it whatsoever. grep -i -r no_filter * returned
no results.
This has got to be a problem with a plugin or something. Even if no_filter
is set and even if you have register_globals on to turn it into
$no_filter, there's no check for $no_filter anywhere in the code.
Marked as invalid.
--
Ticket URL: <http://trac.wordpress.org/ticket/4720#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list