[wp-trac] [WordPress Trac] #10226: Sanitization bypass in clean_url
and wp_sanitise redirect
WordPress Trac
wp-trac at lists.automattic.com
Sat Jun 20 17:30:44 GMT 2009
#10226: Sanitization bypass in clean_url and wp_sanitise redirect
--------------------------+-------------------------------------------------
Reporter: westi | Owner: westi
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8.1
Component: Security | Version: 2.8
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
Following on from #4819, while writing unit tests for clean_url I noticed
an issue with the way in which it removes %0d and %0a from urls.
It expects the miscreant to have been nice and used lower case letters so
%0D and %0A just slip straight through.
This also affects wp_safe_redirect and clean_url can currently be bypassed
in the same way that wp_safe_redirect could before #4819 is fixed.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10226>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list