[wp-trac] [WordPress Trac] #39669: Appearance/Menu, Custom Link: bad URL value sanitation
WordPress Trac
noreply at wordpress.org
Fri Apr 5 16:51:49 UTC 2019
#39669: Appearance/Menu, Custom Link: bad URL value sanitation
--------------------------+----------------------
Reporter: TRILOS | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Menus | Version:
Severity: normal | Resolution: wontfix
Keywords: | Focuses:
--------------------------+----------------------
Changes (by welcher):
* status: reopened => closed
* resolution: => wontfix
* milestone: Awaiting Review =>
Comment:
Replying to [comment:7 TRILOS]:
> Thank you for this information. In the case I noted I had no media
> file to refer to, but a relative path: I wanted to link to a similar index
> page in a different language, placed in a path of e.g. /en/ instead of
> /de/. So if a WP component isn't able to check this on safety, then it
> should be able to, and it is no edge case, but an essential case of handling
> syntactically correct URLs, isn't it?
Allowing for relative paths will require that we bypass the `esc_url` call,
and doing so creates a security vulnerability by allowing a user to
input anything into that field.
A relative path such as `../my-translated-page` could be an actual page in
WordPress or potentially a directory that contains a malicious script. The
code cannot determine the intent of the URL being input.
Closing as #wont-fix
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39669#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
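The trade-off discussed in the comment above (escape every value, or accept site-local relative paths) can be made concrete with one possible policy. The Python below is an added illustration, not WordPress code, and it does not reproduce how `esc_url` behaves: it resolves a relative path against a constructed site URL and keeps it only if the result stays on the site's own origin, while unknown schemes and protocol-relative input are rejected outright. `SITE_HOME`, `sanitize_menu_url` and every sample input are assumptions made for this example. Note the limit the comment points out: a same-origin check says nothing about what the resolved path actually serves.

```python
"""Menu "custom link" sanitiser: accept absolute URLs with a known-safe scheme,
and resolve relative paths against the site itself before accepting them.

Added illustration in Python; not WordPress code and not a description of
how WordPress's esc_url() behaves. SITE_HOME and all sample inputs are
constructed for the example.
"""
from urllib.parse import urlsplit, urljoin, urlunsplit

# Constructed site home; its origin (scheme + host) is where relative links must stay.
SITE_HOME = "https://example.org/de/"
SITE_ORIGIN = urlsplit(SITE_HOME)[:2]          # ('https', 'example.org')

# Schemes an editor may enter verbatim. javascript:, data:, vbscript: and the
# like are absent from the list, so they are rejected rather than escaped.
ALLOWED_SCHEMES = frozenset({"http", "https", "mailto", "tel"})


def sanitize_menu_url(raw, current_page=SITE_HOME):
    """Return a safe URL string for the menu item, or None if the input is rejected.

    Policy (an assumption of this example, not a WordPress rule):
      * absolute URL with an allowed scheme -> returned unchanged
      * protocol-relative (//host/...)      -> rejected (the input picks the host)
      * root-relative or dot-relative path  -> resolved against current_page and
        accepted only if the result is still on SITE_ORIGIN
    Bare host names such as "example.com/x" are NOT given a scheme; they are
    treated as relative paths like any other, so no intent is guessed.
    """
    value = raw.strip()
    if not value:
        return None
    # Raw control characters have no place in a URL (they enable header/log injection).
    if any(ch in value for ch in "\r\n\t\x00"):
        return None

    parts = urlsplit(value)               # urlsplit lower-cases the scheme
    if parts.scheme:
        return value if parts.scheme in ALLOWED_SCHEMES else None

    if value.startswith("//"):
        return None

    # urljoin applies RFC 3986 dot-segment removal, so ".." cannot climb above "/".
    resolved = urlsplit(urljoin(current_page, value))
    if (resolved.scheme, resolved.netloc) != SITE_ORIGIN:
        return None
    return urlunsplit(resolved)


if __name__ == "__main__":
    # Constructed sample inputs covering the cases discussed on the ticket.
    for sample in ("../en/", "/en/", "https://example.org/en/", "javascript:alert(1)",
                   "//attacker.example/x", "../../../../other/", "example.com/page"):
        print(repr(sample), "->", sanitize_menu_url(sample))
```

The sibling-language link the reporter wanted (`../en/` from a page under `/de/`) resolves to `https://example.org/en/` and is accepted; an excess of `..` segments is clamped at the site root rather than escaping it; a `javascript:` value or a `//host` value never reaches the output at all.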