[wp-trac] [WordPress Trac] #48106: Revisit post GUID sanitization on `&`
WordPress Trac
noreply at wordpress.org
Tue Sep 24 11:31:16 UTC 2019
#48106: Revisit post GUID sanitization on `&`
-------------------------------+------------------------------
Reporter: zzxiang | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: 5.2.3
Severity: normal | Resolution:
Keywords: | Focuses:
-------------------------------+------------------------------
Changes (by SergeyBiryukov):
* component: Post Formats => Posts, Post Types
Comment:
Hi there, welcome to WordPress Trac! Thanks for the report.
Replying to [ticket:48106 zzxiang]:
> Post GUID sanitization was added with a commit in 2011:
> https://github.com/WordPress/WordPress/commit/81a5f821fbfb63be6c5517d033b8e7a0a4172f07.
> The commit log message does not state why post GUIDs need to be sanitized
> on save and display. Also, the commit is so long ago that it seems that
> even the members of the core channel of the WordPress Slack group can't tell
> the reason.
Per the [https://wordpress.org/news/2011/05/wordpress-3-1-3/ release post
for WordPress 3.1.3], this appears to be a part of the "Various security
hardening" and "Media security fixes" items on the list. This predates our
[https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ current security program],
so getting more details is indeed a non-trivial task.
I guess contacting the [https://make.wordpress.org/security/ Security
Team] would be the way forward here, since any changes would need to be
carefully reviewed to avoid regressions.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48106#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>