[wp-trac] [WordPress Trac] #25851: post_content lost when inserting Posts with large base64-encoded images

WordPress Trac noreply at wordpress.org
Fri Jan 17 07:53:59 UTC 2014


#25851: post_content lost when inserting Posts with large base64-encoded images
-----------------------------+-----------------------------
 Reporter:  ctayloroomphinc  |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  low              |   Milestone:  Future Release
Component:  Formatting       |     Version:  3.8
 Severity:  critical         |  Resolution:
 Keywords:                   |
-----------------------------+-----------------------------
Changes (by nacin):

 * priority:  normal => low
 * milestone:  Awaiting Review => Future Release


Comment:

 Thanks for the report, Corey. This is a tough one. It would be great to
 optimize kses, but given its nature (security), it isn't easy to do. Many
 have tried, only a few have come out alive.

 One workaround would be to run wp_insert_post() as a user privileged
 enough to not have kses run. Or simply kses_remove_filters() followed by a
 kses_init(). If the data is trusted, of course.

 I will say, that's a *ton* of data (and it's looking through to find
 exploitative protocols, among other things), but it's possible that for
 certain kinds of data, we can simply bypass it due to a whitelist. For
 example, at some point, all we have to deal with are 64 characters, none
 of them dangerous. It could be one approach to take. I could also totally
 go for increasing the backtrack limit if we can't come up with a better
 way to do it (we've done it elsewhere) — out of curiosity, how much did
 you need to increase it to get it to work?

--
Ticket URL: <https://core.trac.wordpress.org/ticket/25851#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list