[wp-trac] [WordPress Trac] #58305: This Dynamic Value is From the "apply_filters()" Function not Escaped While Echoing.
WordPress Trac
noreply at wordpress.org
Sun May 14 04:03:09 UTC 2023
#58305: This Dynamic Value is From the "apply_filters()" Function not Escaped While
Echoing.
------------------------------------+-----------------------------
Reporter: mahamudur78 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Keywords:
Focuses: coding-standards |
------------------------------------+-----------------------------
I have identified an issue with echoing a dynamic value of an HTML element
in the [https://github.com/WordPress/wordpress-develop/blob/trunk/src/wp-
login.php#L209 /wp-login.php] file while reviewing its code. The problem
is located on line 209 of the file.
I believe there is a potential security risk associated with this issue,
as the dynamic value is being loaded from the "apply_filters()" function.
To ensure the security and validity of the code, it is crucial to properly
escape the dynamic value and prevent any potential security
vulnerabilities. Therefore, it is important to address this issue by
properly escaping the value on that line.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58305>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list