[wp-trac] [WordPress Trac] #24328: blogname and blogdescription are not escaped
WordPress Trac
noreply at wordpress.org
Mon May 13 18:50:59 UTC 2013
#24328: blogname and blogdescription are not escaped
----------------------------+------------------------------
Reporter: aniketpant | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version:
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+------------------------------
Comment (by aniketpant):
Replying to [comment:2 johnbillion]:
> Input should be sanitised, output should be escaped. We should escape
> this coming out, not going in.
Yes. It should be sanitized, but there is no help text that says that a
value of this sort will not be accepted. Furthermore, the new value is
saved as `null` and no error message or warning is displayed.
I think we should think more on these lines.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/24328#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software