[wp-trac] [WordPress Trac] #14556: get_pagenum_link() needs esc_url()
WordPress Trac
wp-trac at lists.automattic.com
Wed Nov 24 17:53:18 UTC 2010
#14556: get_pagenum_link() needs esc_url()
--------------------------+-------------------------------------------------
Reporter: guigouz | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Security | Version: 3.0.1
Severity: normal | Resolution:
Keywords: |
--------------------------+-------------------------------------------------
Changes (by emartin24):
* cc: eric@… (added)
* status: closed => reopened
* resolution: wontfix =>
Comment:
Given that #13051 refers to links that come from the database/options, I
don't think this issue is the same.
The problem is that someone can pass a query string that, when used in
conjunction with get_pagenum_link(), can create an XSS vulnerability.
In the get_pagenum_link function in wp-includes/link-template.php, what
about changing:
{{{
$result = $base . $request . $query_string;
}}}
to:
{{{
$result = esc_url($base . $request . $query_string);
}}}
or:
{{{
$result = $base . $request . htmlspecialchars($query_string);
}}}
I will send an email to security at wordpress.org, but wanted to re-open this
issue for consideration.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/14556#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
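The following is an added stand-alone example, not WordPress code and not part of the ticket: it reproduces the concatenation the comment quotes from get_pagenum_link() next to the htmlspecialchars() variant proposed above, renders both into an href attribute, and checks whether the raw query string was able to close the attribute. The function names, the URL parts and the tampered query string are constructed for illustration; the real function derives $request and $query_string from the request URI and rewrite settings.

```php
<?php
// Added example (not WordPress code). Stand-ins for the two lines discussed in
// the ticket, plus a check that shows the difference in attribute context.

// Mirrors the current line: $result = $base . $request . $query_string;
// The query string reaches the caller untouched.
function pagenum_link_raw(string $base, string $request, string $query_string): string
{
    return $base . $request . $query_string;
}

// Mirrors the second proposal: $base . $request . htmlspecialchars($query_string)
// ENT_QUOTES is used so both " and ' are encoded, since a theme may wrap the
// href in either quote style.
function pagenum_link_escaped(string $base, string $request, string $query_string): string
{
    return $base . $request . htmlspecialchars($query_string, ENT_QUOTES, 'UTF-8');
}

// What a theme's pagination markup typically does with the returned link.
function render_next_link(string $href): string
{
    return '<a class="next" href="' . $href . '">Next &raquo;</a>';
}

// True when a raw double quote survives inside the href value, i.e. the
// attribute has been closed early and whatever follows is parsed as markup.
function href_broken_out(string $html): bool
{
    $prefix = '<a class="next" href="';
    $suffix = '">Next &raquo;</a>';
    $value = substr($html, strlen($prefix), -strlen($suffix));
    return strpos($value, '"') !== false;
}

// Constructed input. $_SERVER['REQUEST_URI'] and $_SERVER['QUERY_STRING'] are
// delivered raw, not URL-decoded, so a client that sends a literal quote gets
// a literal quote into the query string portion.
$base         = 'http://example.com/';
$request      = 'blog/page/2/';
$query_string = '?s=test"><script>alert(1)</script>';

$raw     = render_next_link(pagenum_link_raw($base, $request, $query_string));
$escaped = render_next_link(pagenum_link_escaped($base, $request, $query_string));

echo $raw, PHP_EOL;
echo $escaped, PHP_EOL;

// Raw concatenation lets the query string terminate the attribute; the
// escaped variant keeps the whole string inside the href value.
var_dump(href_broken_out($raw));      // bool(true)
var_dump(href_broken_out($escaped));  // bool(false)
```

htmlspecialchars() only addresses the HTML attribute context, which is the breakout shown here. The ticket's first proposal, esc_url(), additionally strips characters that are not valid in a URL and entity-encodes the remaining ampersands and quotes, so it covers the case where the returned link is later echoed into an attribute without further escaping by the theme.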