[wp-trac] [WordPress Trac] #31080: GUID should not always be escaped for url in feeds
WordPress Trac
noreply at wordpress.org
Mon Apr 20 20:48:31 UTC 2015
#31080: GUID should not always be escaped for url in feeds
------------------------------+--------------------------
Reporter:  CheeseDurger       | Owner:      stevenkword
Type:      enhancement        | Status:     closed
Priority:  normal             | Milestone:  4.2
Component: Feeds              | Version:    trunk
Severity:  normal             | Resolution: fixed
Keywords:  has-patch commit   | Focuses:    template
------------------------------+--------------------------
Comment (by nacin):
I'll just mention that the `esc_url()` here was absolutely added in an
early 3.x security release, to close a vulnerability where (this is from
memory) it was possible to set the guid for a post via a specially crafted
request and then end up with an XSS situation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31080#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform