[wp-trac] Re: [WordPress Trac] #5998: Invalid Unicode characters
WordPress Trac
wp-trac at lists.automattic.com
Tue Jun 16 14:32:22 GMT 2009
#5998: Invalid Unicode characters
--------------------------+-------------------------------------------------
Reporter: shelleyp | Owner: hakre
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 2.9
Component: Charset | Version: 2.3.3
Severity: normal | Keywords: needs-patch reporter-feedback
--------------------------+-------------------------------------------------
Comment(by codedread):
The reporter's case is the following:
Turn on true XHTML serving in WordPress (i.e. serving the
application/xhtml+xml MIME type). Malicious commenters come in and inject
invalid code points into a comment on the blog. WordPress does not handle
some invalid code points (U+FFFE and U+FFFF specifically) so the result is
that the blog now has a "Yellow Screen Of Death".
--
Ticket URL: <http://core.trac.wordpress.org/ticket/5998#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list