[wp-trac] [WordPress Trac] #43717: Ping back URL display with out escaping.
WordPress Trac
noreply at wordpress.org
Sat Apr 7 18:46:37 UTC 2018
#43717: Ping back URL display with out escaping.
--------------------------+------------------------------
 Reporter:  sharaz        |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Security      |     Version:  4.9.5
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |     Focuses:  template
--------------------------+------------------------------
Changes (by soulseekah):
* keywords: => has-patch
Comment:
Welcome to Trac! Thanks for your report. While not a security issue (well,
not less secure than `the_title()`), using `esc_url` should be done, of
course.
43717.diff fixes all 7 themes in this regard.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43717#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform