[wp-trac] [WordPress Trac] #12417: XSS in wp-admin/options.php
WordPress Trac
wp-trac at lists.automattic.com
Sat Feb 27 22:41:16 UTC 2010
#12417: XSS in wp-admin/options.php
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 2.9.2
Severity: normal | Keywords:
-------------------------------+--------------------------------------------
Changes (by nacin):
* milestone: 2.9.3 => 3.0
Comment:
I just patched this, then realized we esc_attr() at the top of the loop,
so we're secure here.
I'm going to move the esc_attr() down further so it's more obvious.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/12417#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list