[wp-trac] [WordPress Trac] #21523: Add additional escaping to credit.php
WordPress Trac
wp-trac at lists.automattic.com
Sun Sep 16 16:02:06 UTC 2012
#21523: Add additional escaping to credit.php
--------------------------+--------------------
 Reporter:  Viper007Bond  |      Owner:
     Type:  enhancement   |     Status:  new
 Priority:  normal        |  Milestone:  3.5
Component:  Security      |    Version:  3.4.1
 Severity:  normal        | Resolution:
 Keywords:  has-patch     |
--------------------------+--------------------
Comment (by nacin):

esc_url()'s seem fine. We send back entities for some names, though, and I
would want to make sure that we aren't stomping any future solution to
solve encoding issues — #17487.

If wordpress.org were somehow compromised, I feel like XSS on the credits
page would be our __least__ concern.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21523#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software