[wp-trac] [WordPress Trac] #18395: Non-URL GUIDs are stripped on post update
WordPress Trac
wp-trac at lists.automattic.com
Sat Aug 13 18:34:20 UTC 2011
#18395: Non-URL GUIDs are stripped on post update
--------------------------+------------------------------
 Reporter:  alexkingorg   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Validation    |     Version:  3.2.1
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+------------------------------
Comment (by nacin):
This is a security precaution. Unfortunately, $post->guid may be used as a
URL, which means that it needs to be secure if so. (Otherwise it's
possible to stuff this with a POST.) Deciding whether we can use
esc_url_raw vs regular attribute escaping (or strip_tags) can be a
challenge.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18395#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
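
The trade-off raised in the comment above, as an added example that is not part of the original message and is not WordPress core code: URL validation keeps a GUID safe to use as a link but discards non-URL GUIDs, while plain attribute/text escaping preserves them but is only safe when the value is never used as a URL. The helper names guid_as_href() and guid_as_text(), the http/https allowlist and the sample values are assumptions made for this illustration; it uses plain PHP functions rather than esc_url_raw.

```php
<?php
// Added illustration in plain PHP; hypothetical helpers, not WordPress functions.

const ALLOWED_SCHEMES = ['http', 'https']; // assumed allowlist for this example

/**
 * GUID for use where it will be followed as a URL (e.g. an href).
 * Returns '' unless the value has an allowlisted scheme, so a
 * non-URL GUID such as urn:uuid:... is lost in this context.
 */
function guid_as_href(string $guid): string
{
    $guid   = trim($guid);
    $scheme = parse_url($guid, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ALLOWED_SCHEMES, true)) {
        return '';
    }
    // Still escape for the attribute context after the scheme check.
    return htmlspecialchars($guid, ENT_QUOTES, 'UTF-8');
}

/**
 * GUID treated as an opaque identifier (e.g. text of a feed <guid> element).
 * Any string survives, but the result must never be placed in an href/src.
 */
function guid_as_text(string $guid): string
{
    return htmlspecialchars($guid, ENT_QUOTES, 'UTF-8');
}

// Constructed sample GUIDs: a normal permalink, a non-URL identifier,
// and two values that are only harmless in the right output context.
$samples = [
    'http://example.com/?p=42',
    'urn:uuid:6f1c2a9e-0000-4000-8000-000000000001',
    'javascript:alert(1)',
    '"><script>alert(1)</script>',
];

foreach ($samples as $guid) {
    printf("input: %s\n  href: %s\n  text: %s\n",
        $guid, var_export(guid_as_href($guid), true), guid_as_text($guid));
}
```

The second sample shows the reported symptom in miniature: it is a valid identifier, yet the URL-oriented path returns an empty string for it, while the third sample shows why the text-only path cannot be reused wherever the GUID is emitted as a link.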