[wp-trac] [WordPress Trac] #44054: Privacy: Escape the comment link output in the wp_comments_personal_data_exporter() function.

WordPress Trac noreply at wordpress.org
Tue May 15 14:07:34 UTC 2018


#44054: Privacy: Escape the comment link output in the
wp_comments_personal_data_exporter() function.
--------------------------------------------------+----------------------
 Reporter:  birgire                               |       Owner:  iandunn
     Type:  defect (bug)                          |      Status:  closed
 Priority:  normal                                |   Milestone:  4.9.6
Component:  Administration                        |     Version:  trunk
 Severity:  normal                                |  Resolution:  fixed
 Keywords:  gdpr fixed-major commit dev-reviewed  |     Focuses:
--------------------------------------------------+----------------------
Changes (by azaozz):

 * status:  reopened => closed
 * resolution:   => fixed


Comment:

 In [changeset:"43270" 43270]:
 {{{
 #!CommitTicketReference repository="" revision="43270"
 Privacy: Escape comment URLs in personal export file to prevent XSS.

 There doesn't appear to be any way for an attacker to introduce malicious
 input into the URL, unless a plugin is filtering the URL to add it, but
 it's better to be safe than sorry.

 Props birgire.
 Merges [43245] to the 4.9 branch.
 Fixes #44054.
 }}}

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/44054#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

