[wp-trac] [WordPress Trac] #11932: Strip Shortcodes from untrusted comment authors (was: kaltura-widget xss security error)
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 17 22:22:42 UTC 2010
#11932: Strip Shortcodes from untrusted comment authors
--------------------------+-------------------------------------------------
Reporter: kdzwinel | Owner: ryan
Type: defect (bug) | Status: reopened
Priority: normal | Milestone: 2.9.2
Component: Security | Version: 2.9.1
Severity: normal | Resolution:
Keywords: xss,kaltura |
--------------------------+-------------------------------------------------
Changes (by Denis-de-Bernardy):
* status: closed => reopened
* resolution: invalid =>
* version: => 2.9.1
* milestone: => 2.9.2
Comment:
Re-opening this, because I think there's a genuine issue here.
We ought to strip shortcodes from comments unless they're inserted by
trusted users.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11932#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
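
One way to implement the stripping proposed in the comment above, as an added example (not WordPress core code and not a patch from this ticket). It assumes the file is loaded as a WordPress plugin, that "trusted" means the author holds the unfiltered_html capability, and that some plugin runs shortcodes on comment text; the example_* function names are hypothetical.

```php
<?php
/**
 * Added illustration: strip registered shortcodes from comments whose
 * author is not trusted. Assumption: trusted == has 'unfiltered_html'.
 */

// Save time: the submitting user is the current user.
function example_strip_shortcodes_on_save( $content ) {
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $content; // trusted author, leave shortcodes in place
    }
    // strip_shortcodes() removes only shortcodes that are registered
    // at this point; unregistered [tags] stay as inert literal text.
    return strip_shortcodes( $content );
}
add_filter( 'pre_comment_content', 'example_strip_shortcodes_on_save', 9 );

// Display time: covers comments stored before the filter above existed.
// Trust is decided from the stored author id, not from whoever is viewing.
function example_strip_shortcodes_on_display( $text, $comment = null ) {
    // Anonymous comments have user_id 0 and are never trusted.
    $user_id = ( $comment && ! empty( $comment->user_id ) )
        ? (int) $comment->user_id
        : 0;

    if ( $user_id && user_can( $user_id, 'unfiltered_html' ) ) {
        return $text;
    }
    return strip_shortcodes( $text );
}
// Priority 1 (assumption): run before a plugin that hooked do_shortcode
// onto 'comment_text' at the default priority of 10. Some callers pass
// only one argument to this filter, hence the $comment = null default.
add_filter( 'comment_text', 'example_strip_shortcodes_on_display', 1, 2 );
```

The display-time filter only helps if it runs before the shortcode expansion, so check the priority the other plugin registered with.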