[wp-trac] [WordPress Trac] #13377: Add more sanitization in _cleanup_header_comment
WordPress Trac
wp-trac at lists.automattic.com
Sun Jan 30 23:47:09 UTC 2011
#13377: Add more sanitization in _cleanup_header_comment
--------------------------+-----------------------------
Reporter: seanklein       | Owner: ryan
Type: defect (bug)        | Status: new
Priority: normal          | Milestone: Future Release
Component: Security       | Version: 3.0
Severity: normal          | Resolution:
Keywords: has-patch       |
--------------------------+-----------------------------
Changes (by kawauso):
* keywords: => has-patch
Comment:
It appears to be used in `get_file_data()` (which is sanitized properly
where used), `get_file_description()` and `get_page_templates()`.
The attached patch sanitizes uses of the latter two with `esc_html()`,
apart from in `wp_getPageTemplates()`. Not really sure what to do with
that.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13377#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
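
The point of the comment above, as an added example that is not part of the ticket or of WordPress core: a value read from a file's header comment is untrusted text, and tidying up the comment syntax does not make it safe to print as HTML. The function names, the regexes and the sample template are assumptions made for illustration, and `htmlspecialchars()` stands in for `esc_html()` so the block runs without WordPress.

```php
<?php
// Added example: simplified stand-ins, not WordPress core code.

// Strip a trailing "*/" or "?>" and whatever follows it from a header value.
// Assumed shape of a header-cleanup step: it tidies comment syntax only and
// leaves any HTML in the value untouched.
function cleanup_header_value(string $value): string {
    return trim((string) preg_replace('/\s*(?:\*\/|\?>).*/', '', $value));
}

// Read one "Field: value" line from the comment block at the top of a file.
function read_header_field(string $source, string $field): ?string {
    $head = substr($source, 0, 8192); // headers sit near the top of the file
    $pattern = '/^[ \t\/*#@]*' . preg_quote($field, '/') . ':(.*)$/mi';
    if (!preg_match($pattern, $head, $m)) {
        return null; // field not present
    }
    return cleanup_header_value($m[1]);
}

// Escape for an HTML text or attribute context (stand-in for esc_html()).
function escape_html(string $text): string {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a theme template whose header values contain markup.
$template = <<<'PHP_SRC'
<?php
/*
 * Template Name: Landing <b>page</b>
 * Description: Two columns & a sidebar
 */
PHP_SRC;

$name = (string) read_header_field($template, 'Template Name');
$desc = (string) read_header_field($template, 'Description');

// After cleanup alone the markup is still there and would be rendered:
echo $name, "\n";

// Escaped at the point of output, the same values print as inert text:
printf("<option value=\"%s\">%s</option>\n",
    escape_html('landing.php'), escape_html($name));
printf("<p>%s</p>\n", escape_html($desc));
```

`htmlspecialchars()` is correct for HTML output only; a value sent through another channel needs the encoding that channel expects.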