[wp-trac] [WordPress Trac] #13845: XSS/XHTML issue for edit-comments.php

WordPress Trac wp-trac at lists.automattic.com
Fri Jun 11 07:57:58 UTC 2010


#13845: XSS/XHTML issue for edit-comments.php
--------------------------+-------------------------------------------------
 Reporter:  brettz95      |       Owner:            
     Type:  defect (bug)  |      Status:  new       
 Priority:  normal        |   Milestone:  Unassigned
Component:  Security      |     Version:            
 Severity:  normal        |    Keywords:            
--------------------------+-------------------------------------------------
 Hi,

 When viewing edit-comments.php in the admin in application/xhtml+xml mode,
 I get a well-formedness error which also could indicate a possible XSS
 vulnerability, since it is apparently user content prompting the insertion
 of invalid markup (in my case a spammer put a < symbol inside <a href="...").

 While I don't have a lot of time to research what the best way to do this
 would be, line 584 of /wp-includes/comment_template.php has the
 comment_text() function, which is called by line 2075 of
 /wp-admin/includes/template.php (inside function _wp_comment_row), which is
 called in line 402 (and 408) of wp-admin/edit-comments.php when producing
 <tbody id="the-comment-list">.

 When I use htmlspecialchars inside the comment_text function, it fixes the
 problem (at least for this case).

 function comment_text() {
     echo apply_filters( 'comment_text', htmlspecialchars( get_comment_text() ) ); // Brett added htmlspecialchars
 }

 Would appreciate if someone might look into this, thanks...

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/13845>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
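The following standalone PHP is an added example; it is neither the reporter's patch nor WordPress core code. It reproduces the shape of the problem on a constructed spam comment (a stray < inside an href attribute), then runs the unescaped output and the htmlspecialchars()-escaped output through libxml, the strict XML parser a browser applies in application/xhtml+xml mode, to show which one triggers the well-formedness error the ticket reports. The function names raw_comment_text() and escaped_comment_text() are stand-ins for the unpatched and patched comment_text(); they are assumptions for the example, not WordPress functions.

```php
<?php
// Added example, not WordPress core code and not the reporter's patch.
// Shows why unescaped comment text breaks an application/xhtml+xml page
// and why entity-encoding the text restores well-formedness.

// Constructed sample input: a spam comment carrying a stray '<' inside the
// href attribute, the kind of content the ticket describes.
const SPAM_COMMENT = 'Great post! <a href="http://example.invalid/<cheap">buy</a> now';

/**
 * Wrap an HTML fragment in a minimal XHTML document and parse it strictly
 * with libxml, as a browser does for application/xhtml+xml.
 * Returns ['ok' => bool, 'errors' => string[]].
 */
function xhtml_well_formed(string $fragment): array
{
    $doc = '<?xml version="1.0" encoding="UTF-8"?>'
         . '<html xmlns="http://www.w3.org/1999/xhtml"><body>'
         . $fragment
         . '</body></html>';

    // Collect parser errors instead of emitting PHP warnings.
    $previous = libxml_use_internal_errors(true);
    libxml_clear_errors();
    $parsed = simplexml_load_string($doc);
    $errors = array_map(fn($e) => trim($e->message), libxml_get_errors());
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    return ['ok' => $parsed !== false, 'errors' => $errors];
}

/**
 * Stand-in (assumed name) for the unpatched comment_text(): the stored
 * comment is emitted verbatim, so any '<' the commenter typed reaches the page.
 */
function raw_comment_text(string $stored): string
{
    return $stored;
}

/**
 * Stand-in (assumed name) for the reporter's fix. ENT_QUOTES also encodes
 * quote characters, and the explicit charset avoids mis-decoding multibyte
 * input; both are what a review of the one-line patch would ask for.
 */
function escaped_comment_text(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_XHTML, 'UTF-8');
}

$outputs = [
    'raw'     => raw_comment_text(SPAM_COMMENT),
    'escaped' => escaped_comment_text(SPAM_COMMENT),
];

foreach ($outputs as $label => $html) {
    $check = xhtml_well_formed($html);
    printf("%-8s well-formed: %s\n", $label, $check['ok'] ? 'yes' : 'no');
    foreach ($check['errors'] as $message) {
        printf("         libxml: %s\n", $message);
    }
}
```

Running it shows the raw output rejected by libxml (an unescaped < is not permitted inside an XML attribute value) and the escaped output accepted. The trade-off the ticket leaves open is that htmlspecialchars() encodes every tag, so any markup WordPress intentionally permits in comments would be displayed literally; a fix in core has to choose between that and an allowlist sanitizer that guarantees balanced, well-formed output.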