[wp-trac] [WordPress Trac] #10729: Potential code injection risk.
WordPress Trac
wp-trac at lists.automattic.com
Sat Sep 5 17:50:10 UTC 2009
#10729: Potential code injection risk.
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version: 2.8.4
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
Comment(by tomontoast):
Full code is:
{{{
// Build the user-facing notice; the display name is HTML-escaped here.
$message = sprintf( __( 'Warning: %s is currently editing this post' ),
	esc_html( $last_user_name ) );
// Only single quotes are escaped before the string is spliced into PHP source.
$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
// create_function() compiles its argument, so $message ends up inside PHP code.
add_action( 'admin_notices', create_function( '', "echo '$message';" ) );
}}}
so the problem would only occur when the malicious code is in a user's
display name.
Nonetheless a very dangerous vulnerability.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10729#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
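As an added illustration (not part of the ticket and not WordPress's own code): the snippet quoted above interpolates data into a source string that create_function() then compiles, so escaping a single character is not a trust boundary between data and code. The hardened forms below keep the message as data instead. __(), esc_html() and add_action() are WordPress functions; the stand-ins here are assumptions so the file runs outside WordPress, and the hook name 'admin_notices' is the one from the ticket.

```php
<?php
// Stand-ins (assumed) so this file runs outside WordPress; inside WordPress the real
// __(), esc_html(), add_action() and do_action() are used instead.
if ( ! function_exists( '__' ) ) {
	function __( $text ) { return $text; }
}
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) { return htmlspecialchars( $text, ENT_QUOTES, 'UTF-8' ); }
}
if ( ! function_exists( 'add_action' ) ) {
	$GLOBALS['demo_actions'] = array();
	function add_action( $hook, $callback ) {
		$GLOBALS['demo_actions'][ $hook ][] = $callback;
	}
	function do_action( $hook ) {
		$callbacks = isset( $GLOBALS['demo_actions'][ $hook ] ) ? $GLOBALS['demo_actions'][ $hook ] : array();
		foreach ( $callbacks as $cb ) {
			call_user_func( $cb );
		}
	}
}

// The pattern from the ticket, kept for comparison (never called here):
// the message is spliced into PHP source, and create_function() compiles that source.
// Anything that survives esc_html() and the single-quote replacement is parsed as code.
function unsafe_notice( $last_user_name ) {
	$message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
	$message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
	add_action( 'admin_notices', create_function( '', "echo '$message';" ) ); // data becomes code
}

// Hardened form (PHP 5.3+): a closure captures the value; no source string is ever built,
// so the display name can only ever be output, never executed.
function safe_notice( $last_user_name ) {
	$message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
	add_action( 'admin_notices', function () use ( $message ) {
		echo "<div class='error'><p>$message</p></div>";
	} );
}

// Where closures are unavailable (PHP < 5.3, the era of this ticket) and create_function()
// cannot be avoided, emit a genuine PHP string literal with var_export() instead of hand-escaping
// one character: var_export() escapes both quotes and backslashes, so the literal always closes
// where intended. create_function() was removed in PHP 8, hence the guard.
function safe_notice_legacy( $last_user_name ) {
	$message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
	$html    = "<div class='error'><p>$message</p></div>";
	add_action( 'admin_notices', create_function( '', 'echo ' . var_export( $html, true ) . ';' ) );
}

// Constructed sample display names: an ordinary one and one ending in a backslash,
// the kind of input that single-character escaping handles poorly.
safe_notice( 'Alice' );
safe_notice( 'Mallory\\' );
if ( function_exists( 'create_function' ) ) {
	safe_notice_legacy( 'Mallory\\' );
}
do_action( 'admin_notices' );
```

Run with `php` on the command line to see each notice printed as plain HTML. The closure version is the one to prefer: it removes the code-generation step entirely, which is the root of the issue rather than any particular escaping gap.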