[wp-trac] [WordPress Trac] #44054: Privacy: Escape the comment link output in the wp_comments_personal_data_exporter() function.
WordPress Trac
noreply at wordpress.org
Sat May 12 15:45:13 UTC 2018
#44054: Privacy: Escape the comment link output in the
wp_comments_personal_data_exporter() function.
----------------------------+-----------------------
Reporter: birgire | Owner: iandunn
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 4.9.6
Component: Administration | Version: trunk
Severity: normal | Resolution:
Keywords: gdpr has-patch | Focuses:
----------------------------+-----------------------
Changes (by iandunn):
* owner: (none) => iandunn
* status: new => accepted
* component: General => Administration
* milestone: Awaiting Review => 4.9.6
Comment:
Thanks for catching that!
At first glance, I don't see any way for an attacker to introduce
malicious input to that URL (unless a plugin is filtering it and
introduces some). Even if there were a way, the malicious script would
execute in the context of `localhost` on the target's computer, rather
than the site it was exported from, which I think would mitigate a lot of
the damage it could do.
We should definitely still fix it, though.
In the future, it's best to
[https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ report any security issues to HackerOne],
even if they're only present in `trunk` or a beta/RC. There are some
high-profile sites that run `trunk` or the latest branch in production.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44054#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
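Added example (not WordPress core code and not the patch attached to this ticket): a personal data exporter callback of the kind wp_comments_personal_data_exporter() is, showing where a comment link ends up in the export and how to escape it with esc_url() and esc_html(). It assumes it is loaded inside WordPress 4.9.6 or later as a plugin; the exporter key 'example-comment-links', the example_ function prefix, the 'example' text domain and the group labels are illustrative names chosen for this example.

```php
<?php
/**
 * Plugin Name: Example comment link exporter (added example)
 *
 * Registers a personal data exporter whose output contains a comment link.
 * Each exporter returns items with name/value pairs; the 'value' is inserted
 * into the HTML report that the site generates for the data subject, so it
 * must be escaped like any other HTML output.
 */

function example_comment_links_exporter( $email_address, $page = 1 ) {
	// Exporters are called repeatedly with an increasing page number until
	// they report 'done' => true; keep each batch small.
	$per_page = 500;
	$page     = (int) $page;

	$comments = get_comments(
		array(
			'author_email' => $email_address,
			'number'       => $per_page,
			'paged'        => $page,
			'orderby'      => 'comment_ID',
			'order'        => 'ASC',
		)
	);

	$export_items = array();

	foreach ( (array) $comments as $comment ) {
		$link = get_comment_link( $comment->comment_ID );

		// Before the fix this ticket asks for, the link was placed in the
		// value unescaped, i.e. the equivalent of:
		//   sprintf( '<a href="%s">%s</a>', $link, $link )
		// The link is normally safe, but get_comment_link() is filterable,
		// so its return value is not guaranteed to be a plain URL.
		//
		// Escaped form: esc_url() rejects unexpected schemes and encodes the
		// href attribute, esc_html() encodes the visible text.
		$value = sprintf(
			'<a href="%s" target="_blank" rel="noreferrer noopener">%s</a>',
			esc_url( $link ),
			esc_html( $link )
		);

		$export_items[] = array(
			'group_id'    => 'example-comment-links',
			'group_label' => __( 'Comment Links (example)', 'example' ),
			'item_id'     => 'comment-' . $comment->comment_ID,
			'data'        => array(
				array(
					'name'  => __( 'Comment Link', 'example' ),
					'value' => $value,
				),
			),
		);
	}

	// A short batch means there is no further page to fetch.
	$done = count( $comments ) < $per_page;

	return array(
		'data' => $export_items,
		'done' => $done,
	);
}

function example_register_comment_links_exporter( $exporters ) {
	$exporters['example-comment-links'] = array(
		'exporter_friendly_name' => __( 'Comment Links (example)', 'example' ),
		'callback'               => 'example_comment_links_exporter',
	);
	return $exporters;
}
add_filter( 'wp_privacy_personal_data_exporters', 'example_register_comment_links_exporter' );
```

To see the result, activate the plugin, create a request under Tools > Export Personal Data for an address that has left comments, and open the generated .html file: the "Comment Link" row renders as a link whose href and text both went through the escaping functions, so a plugin that filtered get_comment_link() into something other than a plain URL cannot put raw markup into the report.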