[wp-trac] [WordPress Trac] #11941: Security Issues in class Snoopy within trunk
WordPress Trac
wp-trac at lists.automattic.com
Mon Jan 18 18:21:23 UTC 2010
#11941: Security Issues in class Snoopy within trunk
--------------------------+-------------------------------------------------
Reporter: hakre | Owner: ryan
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Security | Version: 3.0
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
The core trunk codebase contains a class called Snoopy which has security
issues (it is said). Next to this, one I found in concrete is that it does
not properly filter XML/HTML so it's open to XSS and other forms of
injection.
1. If the class is still in use I suggest to replace it with WP API
functions (related: #8082).
2. (Then,) If the class isn't any longer in use, I suggest to remove it
from trunk.
3. It's about time. If you do not think so, then the class should be
mimicked with WP API functions.
In any case that code should be removed finally.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11941>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software