[wp-trac] [WordPress Trac] #22666: When evaluating path in get_*_url(), '..' can match the query string
WordPress Trac
noreply at wordpress.org
Tue Jan 1 21:00:48 UTC 2013
#22666: When evaluating path in get_*_url(), '..' can match the query string
----------------------------+------------------
Reporter: wonderboymusic | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.6
Component: Permalinks | Version:
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+------------------
Comment (by DrewAPicture):
Rereading dot-dot.diff, wouldn't you want to require `$url`?
`set_url_scheme()` is going to return a formed host regardless but the
path will only be appended if it both exists and is valid.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22666#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list