[wp-trac] [WordPress Trac] #10729: Potential code injection risk.
WordPress Trac
wp-trac at lists.automattic.com
Sun Sep 6 08:10:21 UTC 2009
#10729: Potential code injection risk.
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.9
Component: Security | Version: 2.8.4
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
Changes (by hakre):
* milestone: Unassigned => 2.9
Comment:
I added the patch. Code Execution is prevented now because it is not
executed any longer but handeled as html-string-data instead (and that's
what it is).
I will further analyze the code if there are similar scenarios elsewhere.
I patched against trunk, someone need to open a backport ticket for 2.8.5.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10729#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list