[wp-trac] Re: [WordPress Trac] #4606: Redirection Vulnerability in wp-pass.php
WordPress Trac
wp-trac at lists.automattic.com
Tue Sep 18 19:59:19 GMT 2007
#4606: Redirection Vulnerability in wp-pass.php
------------------------------------------------------------+---------------
Reporter: snakefoot | Owner: markjaquith
Type: defect | Status: assigned
Priority: high | Milestone: 2.3
Component: Security | Version: 2.0.10
Severity: major | Resolution:
Keywords: developer-feedback has-patch security redirect |
------------------------------------------------------------+---------------
Changes (by markjaquith):
* owner: anonymous => markjaquith
* status: new => assigned
Comment:
Check out {{{4606.002.diff}}}, which introduces {{{wp_safe_redirect()}}}.
{{{wp_safe_redirect}}} is like {{{wp_redirect()}}}, but it only allows
server relative redirects (start with a single forward slash) or redirects
that start with {{{get_option('home')}}}. Anything else, including URLs
that start with "//" or URLs on a different domain, gets changed to
{{{get_option('home') . '/'}}} before {{{wp_redirect()}}} is called.
This won't be used all the time -- only when we're using a user-provided
redirect.
This allows for the most backwards compatibility (as opposed to patching
{{{wp_redirect()}}} itself).
I changed a few instances of using untrusted URLs for redirects, but there
may be more.
--
Ticket URL: <http://trac.wordpress.org/ticket/4606#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
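The rule described in the comment above, as a stand-alone added example. This is not the code from 4606.002.diff nor WordPress's own wp_safe_redirect(); the $home parameter stands in for get_option('home') so the function runs without WordPress, and the function name is hypothetical. Two checks go beyond the comment's description and are marked as such in the code: a leading "/\" is treated like "//" (browsers accept it as scheme-relative), and the same-site prefix match requires a boundary character after the home URL so that a host that merely begins with the home host name does not pass.

```php
<?php
// Added example modelling the "safe redirect" rule from the ticket comment.
// Not WordPress code: $home replaces get_option('home') and the function name
// safe_redirect_target() is hypothetical.

/**
 * Return $location unchanged if it is a server-relative path (single leading
 * slash) or an absolute URL under $home; otherwise return $home . '/'.
 */
function safe_redirect_target(string $location, string $home): string {
    $home     = rtrim($home, '/');
    $fallback = $home . '/';

    // Server-relative: exactly one leading slash. "//host" is scheme-relative
    // and must fall through to the fallback. "/\host" is treated the same way
    // because browsers normalise the backslash (addition beyond the comment).
    if ($location !== '' && $location[0] === '/') {
        if (strlen($location) > 1 && ($location[1] === '/' || $location[1] === '\\')) {
            return $fallback;
        }
        return $location;
    }

    // Same-site absolute URL: must start with $home. The character after the
    // prefix must be '/', '?', '#' or end of string so that a host such as
    // "http://example.com.evil.example" does not match "http://example.com"
    // (boundary check is an addition beyond the comment).
    if (strncasecmp($location, $home, strlen($home)) === 0) {
        $next = (string) substr($location, strlen($home), 1);
        if ($next === '' || $next === '/' || $next === '?' || $next === '#') {
            return $location;
        }
    }

    // Anything else (other domains, other schemes, empty input) goes home.
    return $fallback;
}

// Constructed test cases: [input, expected result] with a constructed home URL.
$home  = 'http://example.com';
$cases = [
    ['/wp-admin/',                       '/wp-admin/'],
    ['http://example.com/?p=1',          'http://example.com/?p=1'],
    ['//evil.example/',                  'http://example.com/'],
    ['/\\evil.example/',                 'http://example.com/'],
    ['http://evil.example/',             'http://example.com/'],
    ['http://example.com.evil.example/', 'http://example.com/'],
    ['javascript:alert(1)',              'http://example.com/'],
    ['',                                 'http://example.com/'],
];

foreach ($cases as [$input, $expected]) {
    $got = safe_redirect_target($input, $home);
    printf("%-4s %-36s -> %s\n", $got === $expected ? 'ok' : 'FAIL', $input, $got);
}
```

Run with `php safe_redirect_target.php`; every line should report `ok`. The value of this shape of check is that it is a whitelist: only the two forms the comment names are passed through, and everything else collapses to the home URL rather than being rejected with an error, which is what keeps callers that already pass user-supplied redirect targets working.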