[wp-trac] [WordPress Trac] #10193: backto parameter used in database needs better validation
WordPress Trac
wp-trac at lists.automattic.com
Tue Jun 16 20:36:42 GMT 2009
#10193: backto parameter used in database needs better validation
-----------------------------+----------------------------------------------
Reporter: westi | Owner: westi
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.1
Component: Upgrade/Install | Version: 2.8
Severity: normal | Keywords:
-----------------------------+----------------------------------------------
When the database upgrade completes you are offered a continue button to
allow you to go back where you came from.
The backto link is escaped and sanitised but it is not validated to be for
the local blog so could be used for a phishing-style redirect.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10193>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
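
One way to perform the check the ticket asks for, as an added example (not WordPress core code and not the patch for this ticket): accept `backto` only when it is a site-relative path or an http(s) URL whose host and port match the blog's own URL. The function name `local_backto`, the site URL and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not WordPress core code. Names and inputs are constructed.

/** Return $backto only if it points at the local site; otherwise $fallback. */
function local_backto(string $backto, string $site_url, string $fallback): string
{
    $backto = trim($backto);

    // Backslashes and control characters are normalised differently by
    // browsers and by parse_url(), so refuse them outright.
    if ($backto === '' || preg_match('/[\x00-\x1f\x7f\\\\]/', $backto)) {
        return $fallback;
    }

    // Site-relative path: exactly one leading slash ("//host" is protocol-relative).
    if ($backto[0] === '/' && substr($backto, 0, 2) !== '//') {
        return $backto;
    }

    $target = parse_url($backto);
    $site   = parse_url($site_url);
    if ($target === false || $site === false || !isset($target['host'], $site['host'])) {
        return $fallback; // unparsable, or no host at all (e.g. "javascript:...")
    }

    // Protocol-relative URLs carry no scheme; absolute ones must be http(s).
    $scheme = strtolower($target['scheme'] ?? 'http');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $fallback;
    }

    // Strict comparison of host (case-insensitive) and port. A userinfo part
    // ("http://blog.example@other.example/") parses with host "other.example".
    $same_host = strcasecmp($target['host'], $site['host']) === 0;
    $same_port = ($target['port'] ?? null) === ($site['port'] ?? null);

    return ($same_host && $same_port) ? $backto : $fallback;
}

// Constructed inputs: the first two are local, the rest fall back to the dashboard.
$site = 'http://blog.example/';
foreach (['/wp-admin/', 'http://blog.example/wp-admin/plugins.php',
          'http://other.example/wp-login.php', '//other.example/',
          'http://blog.example@other.example/', 'javascript:void(0)'] as $candidate) {
    printf("%-42s => %s\n", $candidate, local_backto($candidate, $site, $site . 'wp-admin/'));
}
```

Escaping and sanitising the value, as the ticket notes is already done, does not change where it points; only the host comparison does.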