[wp-trac] [WordPress Trac] #6069: get_avatar should check size is numeric to avoid injection
WordPress Trac
wp-trac at lists.automattic.com
Sun Mar 2 14:40:45 GMT 2008
#6069: get_avatar should check size is numeric to avoid injection
------------------------+---------------------------------------------------
 Reporter:  Martin2006  |       Owner:  anonymous
     Type:  defect      |      Status:  new
 Priority:  normal      |   Milestone:  2.6
Component:  General     |     Version:
 Severity:  normal      |    Keywords:  has-patch
------------------------+---------------------------------------------------
As get_avatar places $size inside an attribute, it should be sanitized
before being written to the page to avoid XSS injection or any injection
to the remote server (gravatar).
--
Ticket URL: <http://trac.wordpress.org/ticket/6069>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
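
The numeric check the ticket asks for, as an added PHP example (it is not the patch attached to the ticket and not WordPress core code). The function names, the avatars.example host, the s= parameter placement and the 1..512 pixel bounds are assumptions made for the illustration.

```php
<?php
// Added illustration, not WordPress core code. The function names, the
// avatars.example host and the 1..512 pixel bounds are assumptions.

// Return $size as an integer only if it is a plain decimal number in range.
function avatar_size($size, int $default = 96, int $max = 512): int
{
    // ctype_digit() accepts only strings made of 0-9, so quotes, spaces,
    // signs and values such as "96px" are rejected, not partially parsed.
    if (!is_int($size) && !(is_string($size) && ctype_digit($size))) {
        return $default;
    }
    $size = (int) $size;
    return ($size >= 1 && $size <= $max) ? $size : $default;
}

// $size ends up in the remote URL and in two attributes, so it is
// validated once, before either use.
function avatar_img(string $email, $size): string
{
    $size = avatar_size($size);
    $url  = 'https://avatars.example/' . md5(strtolower(trim($email)))
          . '?s=' . $size;
    // The URL is still escaped for the attribute context it is written into.
    return sprintf(
        '<img alt="" src="%s" class="avatar" height="%d" width="%d" />',
        htmlspecialchars($url, ENT_QUOTES, 'UTF-8'),
        $size,
        $size
    );
}

// Constructed inputs: two valid sizes and three that must fall back to 96.
foreach ([32, '64', '96" data-injected="1', '48&d=x', '-5'] as $candidate) {
    echo var_export($candidate, true), ' => ',
         avatar_img('user@example.com', $candidate), PHP_EOL;
}
```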