[wp-trac] [WordPress Trac] #5422: Sanitize plugin update information
WordPress Trac
wp-trac at lists.automattic.com
Tue Dec 4 22:19:13 GMT 2007
#5422: Sanitize plugin update information
----------------------------+-----------------------------------------------
Reporter: Viper007Bond | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.4
Component: Administration | Version: 2.3.1
Severity: normal | Keywords: has-patch 2nd-opinion
----------------------------+-----------------------------------------------
See [http://groups.google.com/group/wp-hackers/browse_thread/thread/8560d421d3a94ba4 wp-hackers discussion].
The update data retrieved from WP.org is trusted to be safe and HTML
encoded. We shouldn't make this assumption, plus we should kses the
plugin's name.
Attached is a proposed patch. Seems to work okay.
--
Ticket URL: <http://trac.wordpress.org/ticket/5422>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software