[wp-trac] [WordPress Trac] #13845: XSS/XHTML issue for edit-comments.php
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 11 07:57:58 UTC 2010
#13845: XSS/XHTML issue for edit-comments.php
--------------------------+-------------------------------------------------
Reporter: brettz95 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Unassigned
Component: Security | Version:
Severity: normal | Keywords:
--------------------------+-------------------------------------------------
Hi,
When viewing edit-comments.php in the admin in application/xhtml+xml mode,
I get a well-formedness error, which could also indicate a possible XSS
vulnerability, since it is apparently user content prompting the insertion
of invalid markup (in my case a spammer put a < symbol inside <a href="...").
While I don't have a lot of time to research what the best way to do this
would be, line 584 of /wp-includes/comment_template.php has the
comment_text() function, which is called by line 2075 of
wp-admin/includes/template.php (inside function _wp_comment_row), which is
called in line 402 (and 408) of wp-admin/edit-comments.php when producing
<tbody id="the-comment-list">.
When I use htmlspecialchars inside the comment_text function, it fixes the
problem (at least for this case):

    function comment_text() {
        // Brett added htmlspecialchars
        echo apply_filters('comment_text', htmlspecialchars(get_comment_text()));
    }
Would appreciate if someone might look into this, thanks...
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13845>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
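The following is an added example, not WordPress core code and not the reporter's patch. It reproduces the situation described in the ticket: a comment body containing a stray "<" is emitted inside an XHTML page and breaks well-formedness, and escaping the whole body with htmlspecialchars makes the output well-formed again. It then contrasts that with a small whitelist filter that keeps plain http(s) links while escaping everything else. The sample comment strings are constructed for this example, and allow_safe_links() is a hypothetical stand-in written for the demonstration, not wp_kses or any other WordPress function. Run it with `php example.php`.

```php
<?php
// Added example (not WordPress code): why a stray "<" in a comment body
// breaks well-formed XHTML, and two ways of rendering the body safely.

// Constructed sample comment bodies, as a user or a spammer might submit them.
$samples = [
    'Benign with a lone <: 1 < 2, see <a href="http://example.com/">this</a>',
    'Spam: <a href="http://example.com/" onclick="steal()">x</a> <script>alert(1)</script>',
    'Unclosed: <a href="http://example.com/">text',
];

// Escape for an XHTML context: &lt; &gt; &amp; &quot; and &#039; are all valid XML.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_XHTML, 'UTF-8');
}

// Mitigation 1: escape the whole body (what the ticket proposes). Always
// well-formed, but every tag, including a legitimate link, becomes visible text.
function escape_all(string $text): string {
    return esc($text);
}

// Mitigation 2 (hypothetical whitelist, NOT wp_kses): keep only
// <a href="http(s)://...">...</a> with no other attributes. Every other
// character is escaped, so a "<" that does not start such a link, an extra
// attribute such as onclick, or a <script> tag can never reach the page as markup.
function allow_safe_links(string $text): string {
    $pattern = '/<a\s+href="([^"<>\s]+)"\s*>(.*?)<\/a>|[^<]+|</is';
    return preg_replace_callback($pattern, function (array $m): string {
        if (isset($m[1]) && $m[1] !== '' && preg_match('#^https?://#i', $m[1])) {
            return '<a href="' . esc($m[1]) . '" rel="nofollow">' . esc($m[2]) . '</a>';
        }
        return esc($m[0]);   // a text run, a lone "<", or a link that failed the whitelist
    }, $text);
}

// Check the way an application/xhtml+xml browser would: parse the fragment as XML.
function is_well_formed(string $fragment): bool {
    $prev = libxml_use_internal_errors(true);
    $doc = simplexml_load_string('<div>' . $fragment . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $doc !== false;
}

foreach ($samples as $raw) {
    $variants = [
        'raw'              => $raw,
        'escape_all'       => escape_all($raw),
        'allow_safe_links' => allow_safe_links($raw),
    ];
    foreach ($variants as $label => $html) {
        printf("%-17s well-formed=%-3s %s\n", $label, is_well_formed($html) ? 'yes' : 'no', $html);
    }
    echo "\n";
}
```

Two things the output makes visible that the ticket only hints at. First, the well-formedness error is a symptom rather than the vulnerability itself: the second sample is perfectly well-formed XML as submitted, yet carries an onclick handler and a script element, so a fix must not stop at "the page parses again". Second, escaping the entire body before the `comment_text` filters run does close the hole, but it also turns the benign link in the first sample into literal text, which is the trade-off that a whitelist filter (WordPress's own kses filtering takes that route) avoids.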