[wp-trac] [WordPress Trac] #10193: backto parameter used in database needs better validation

WordPress Trac wp-trac at lists.automattic.com
Tue Jun 16 20:36:42 GMT 2009


#10193: backto parameter used in database needs better validation
-----------------------------+----------------------------------------------
 Reporter:  westi            |       Owner:  westi
     Type:  defect (bug)     |      Status:  new  
 Priority:  normal           |   Milestone:  2.8.1
Component:  Upgrade/Install  |     Version:  2.8  
 Severity:  normal           |    Keywords:       
-----------------------------+----------------------------------------------
 When the database upgrade completes you are offered a continue button to
 allow you to go back where you came from.

 The backto link is escaped and sanitised but it is not validated to be for
 the local blog so could be used for a phishing-style redirect.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10193>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
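
The validation gap the ticket describes, as an added example that is not WordPress core code and not the patch for this ticket: escaping keeps the value safe to print, but only a host comparison keeps the continue link on the local blog. The function name, `blog.example`, the fallback path and the sample values are constructed for illustration.

```php
<?php
// Added example: accept a "backto"-style value only if it stays on the local site.
// local_redirect_or_default() is a hypothetical helper, not a WordPress function.
function local_redirect_or_default(string $backto, string $siteUrl, string $default): string
{
    // Control characters and backslashes can make a browser resolve the URL
    // differently from how it is parsed here, so reject them outright.
    if ($backto === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $backto)) {
        return $default;
    }

    $target = parse_url($backto);
    $site   = parse_url($siteUrl);
    if ($target === false || $site === false || !isset($site['host'])) {
        return $default;
    }

    // Path-only value ("/wp-admin/..."): local by construction.
    if (!isset($target['scheme']) && !isset($target['host'])) {
        return strncmp($target['path'] ?? '', '/', 1) === 0 ? $backto : $default;
    }

    // Anything carrying a scheme or host must be http(s), have no userinfo,
    // and match the site host exactly. Protocol-relative "//host/" values
    // have a host but no scheme and are rejected by the scheme check.
    $scheme = strtolower($target['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $default;
    }
    if (isset($target['user']) || isset($target['pass'])) {
        return $default;
    }
    if (!isset($target['host']) || strcasecmp($target['host'], $site['host']) !== 0) {
        return $default;
    }
    return $backto;
}

// Constructed sample values: one local path, one local absolute URL, and
// several off-site forms that plain escaping would let through unchanged.
$site = 'http://blog.example/';
foreach ([
    '/wp-admin/plugins.php',
    'http://blog.example/wp-admin/',
    'http://other.example/wp-login.php',
    '//other.example/',
    'http://blog.example@other.example/',
    'javascript:alert(1)',
] as $candidate) {
    printf("%-40s => %s\n", $candidate, local_redirect_or_default($candidate, $site, '/wp-admin/'));
}
```

Only the first two samples are returned unchanged; every other value falls back to `/wp-admin/`.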

