[wp-trac] [WordPress Trac] #10729: Potential code injection risk.

WordPress Trac wp-trac at lists.automattic.com
Sat Sep 5 17:50:10 UTC 2009


#10729: Potential code injection risk.
--------------------------+-------------------------------------------------
 Reporter:  hakre         |       Owner:  ryan      
     Type:  defect (bug)  |      Status:  new       
 Priority:  normal        |   Milestone:  Unassigned
Component:  Security      |     Version:  2.8.4     
 Severity:  normal        |    Keywords:            
--------------------------+-------------------------------------------------

Comment(by tomontoast):

 Full code is:
 {{{
 $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
 $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
 add_action( 'admin_notices', create_function( '', "echo '$message';" ) );
 }}}
 so the problem would only occur when the malicious code is in a user's
 display name.
 Nonetheless a very dangerous vulnerability.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/10729#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
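The pattern in the quoted snippet, shown beside a hardened form that keeps the notice text as data instead of compiling it into PHP source. This is an added example, not code from WordPress core or from the commenter; it assumes PHP 5.3+ closures and uses `esc_html_stub()` as a hypothetical stand-in for WordPress's `esc_html()` so it runs outside WordPress.

```php
<?php
// Hypothetical stand-in for WordPress esc_html(): HTML-encode, including quotes.
function esc_html_stub($s) {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Pattern from the ticket: the notice HTML is interpolated into a string that
// create_function() compiles with eval(). Display-name data becomes PHP code,
// and str_replace() only addresses single quotes, not every way a string
// literal can be terminated. (create_function() was deprecated in PHP 7.2 and
// removed in PHP 8.0.)
function build_notice_vulnerable($last_user_name) {
    $message = sprintf('Warning: %s is currently editing this post',
                       esc_html_stub($last_user_name));
    $message = str_replace("'", "\'", "<div class='error'><p>$message</p></div>");
    return create_function('', "echo '$message';");
}

// Hardened form: capture the already-escaped HTML in a closure. Nothing is
// compiled at runtime, so the display name can never be interpreted as PHP.
function build_notice_safe($last_user_name) {
    $message = sprintf('Warning: %s is currently editing this post',
                       esc_html_stub($last_user_name));
    $html = "<div class='error'><p>$message</p></div>";
    return function () use ($html) {
        echo $html;
    };
}

// Constructed sample display name containing quotes and markup; only the safe
// builder is invoked. In WordPress this closure would be passed to
// add_action('admin_notices', ...).
$notice = build_notice_safe("O'Brien <b>'; phpinfo(); '</b>");
$notice();
// The quotes and tags are rendered as entities inside the <p>, never executed.
```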