[wp-trac] Re: [WordPress Trac] #5644: wp_kses_normalize_entities regular expression does not use callback
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 11 18:55:18 GMT 2008
#5644: wp_kses_normalize_entities regular expression does not use callback
------------------------+---------------------------------------------------
 Reporter:  darkdragon  |        Owner:  westi
     Type:  defect      |       Status:  assigned
 Priority:  normal      |    Milestone:  2.6
Component:  Security    |      Version:
 Severity:  normal      |   Resolution:
 Keywords:  kses        |
------------------------+---------------------------------------------------
Changes (by westi):
* owner: anonymous => westi
* status: new => assigned
Comment:
The main issue with e is that you are giving user supplied data to PHP to
evaluate - therefore theoretically you could have a security issue if you
are not careful.

This is why using a callback is better.
--
Ticket URL: <http://trac.wordpress.org/ticket/5644#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
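
The callback approach discussed in the comment above, as an added example that is not part of the original message and is not WordPress's own code. The function names, the accepted code-point range and the sample input are assumptions made for illustration.

```php
<?php
// Added example; every example_* name is hypothetical.
//
// With the e modifier, the replacement argument of preg_replace() is a string
// of PHP source: the matched text is substituted into it and the result is
// evaluated. The modifier was deprecated in PHP 5.5 and removed in PHP 7.0.
// With preg_replace_callback(), the match reaches the function only as an
// array of strings and is never parsed as code.

/** Callback for decimal entities; $m[1] holds the digits without leading zeros. */
function example_normalize_decimal(array $m): string
{
    $code = (int) $m[1];
    // Assumed policy: restore the entity only inside an accepted range,
    // otherwise leave the ampersand escaped.
    if ($code >= 1 && $code <= 65535) {
        return "&#{$code};";
    }
    return "&amp;#{$m[1]};";
}

/** Callback for hexadecimal entities; canonicalises to lower-case hex. */
function example_normalize_hex(array $m): string
{
    return '&#x' . strtolower($m[1]) . ';';
}

function example_normalize_entities(string $s): string
{
    // Escape every ampersand first, then restore only well-formed entities.
    $s = str_replace('&', '&amp;', $s);
    $s = preg_replace_callback('/&amp;#0*([0-9]{1,5});/',
                               'example_normalize_decimal', $s);
    $s = preg_replace_callback('/&amp;#[Xx]0*([0-9A-Fa-f]{1,4});/',
                               'example_normalize_hex', $s);
    return $s;
}

// Constructed sample input: a bare ampersand, a padded decimal entity,
// an upper-case hex entity and an out-of-range decimal entity.
$input = 'AT&T &#0065; &#X3c; &#0;';
echo example_normalize_entities($input), "\n";
```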