[wp-trac] [WordPress Trac] #17779: Add some casts in Custom_Image_Header
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 13 08:34:05 UTC 2011
#17779: Add some casts in Custom_Image_Header
--------------------------+------------------
 Reporter:  xknown        |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  3.2
Component:  Themes        |    Version:
 Severity:  normal        | Resolution:
 Keywords:  has-patch     |
--------------------------+------------------
Comment (by nacin):
Replying to [comment:2 xknown]:
> Replying to [comment:1 nacin]:
> > In the future, please report things that sound like vulnerabilities to
> > security at wordpress.org. After walking through the code, this comes pretty
> > close to being one.
>
> I reported it before the latest minor release (on May 5) :)
Ah, sorry Alex. You're right. I didn't recognize the username. :-) Thanks
for going through the right channels. We should have included it in the
omnibus, but at least there's no vuln here.
> > I don't see a memory consumption issue, unless an image is being
> > referenced, and thus GD goes through a resizing.
>
> Well, I'm not sure about that. The imagecreatefromstring function still
> needs some amount of memory to load the image. Thus, if someone forces to
> load multiple large images you may have a problem there.
Indeed. Still something we should fix.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17779#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software