[wp-trac] [WordPress Trac] #11701: Constructing URIs using the slug (post_name) can result in arbitrary characters being passed through to the final HTML
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 3 01:16:37 UTC 2010
#11701: Constructing URIs using the slug (post_name) can result in arbitrary
characters being passed through to the final HTML
--------------------------+-------------------------------------------------
Reporter: jaylett | Owner:
Type: defect (bug) | Status: new
Priority: low | Milestone: Unassigned
Component: General | Version: 2.9
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
The characters in post_name are assumed to be safe for passing directly
into a constructed URI (typically a permalink). The expected behaviour is
for anything that is not valid directly in a URI to be suitably escaped,
and then for the URI to be HTML entity escaped.
If the post_name contains say {{{">}}} then the anchor tag emitted is
terminated and the rest of the post_name will be displayed.
If the post_name contains say {{{<}}} then the URI that is followed by
the web browser will contain {{{<}}} rather than the literal {{{<}}}.
(This is a niche case that I know should never happen because of input
validation / construction of post_name.)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11701>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
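The escaping order the ticket asks for, shown as an added PHP example: percent-encode the slug when it is placed into the URI, then entity-escape the finished URI before it goes into an HTML attribute. This is not WordPress core code; the base URL, the sample slugs and the function names are constructed for illustration, and the check function simply verifies that the emitted `href` is still a single attribute value containing no raw `<`, `>` or `"`.

```php
<?php
// Added example, not WordPress core code. Contrasts verbatim slug
// concatenation with the two-step escaping the ticket describes.

// Unsafe: the slug is concatenated as-is, so a slug containing '">'
// closes the href attribute and the remainder lands in the HTML.
function permalink_unsafe(string $base, string $slug): string
{
    return '<a href="' . $base . $slug . '/">post</a>';
}

// Safe: URI-escape the slug first, then HTML-escape the whole URI.
function permalink_safe(string $base, string $slug): string
{
    $uri  = $base . rawurlencode($slug) . '/';            // '<' -> %3C, '>' -> %3E, '"' -> %22
    $attr = htmlspecialchars($uri, ENT_QUOTES, 'UTF-8');  // entity-escape for the attribute context
    return '<a href="' . $attr . '">post</a>';
}

// Check: the anchor must still be exactly one href attribute followed by the
// link text, and the attribute value must hold no raw '<', '>' or '"'.
function href_is_intact(string $html): bool
{
    if (!preg_match('/^<a href="([^"]*)">post<\/a>$/', $html, $m)) {
        return false;
    }
    return strpbrk($m[1], '<>"') === false;
}

$base  = 'https://example.com/';                            // constructed base URL
$slugs = ['hello-world', 'bad">injected', 'less<than'];     // constructed slugs for the ticket's cases

foreach ($slugs as $slug) {
    printf(
        "slug %-18s unsafe intact: %-3s safe intact: %s\n",
        var_export($slug, true),
        href_is_intact(permalink_unsafe($base, $slug)) ? 'yes' : 'no',
        href_is_intact(permalink_safe($base, $slug)) ? 'yes' : 'no'
    );
}
```

Run with `php example.php`: the plain slug passes both builders, while the two slugs carrying `">` and `<` pass only the escaped builder, which emits `bad%22%3Einjected` and `less%3Cthan` inside the attribute. The order matters: encoding for the URI before encoding for HTML keeps each layer's reserved characters out of the other, which is the behaviour the reporter says is expected.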