[wp-trac] [WordPress Trac] #5135: Pages are not sanitized in wp-admin/page.php
WordPress Trac
wp-trac at lists.automattic.com
Tue Oct 2 23:34:10 GMT 2007
#5135: Pages are not sanitized in wp-admin/page.php
----------------------------+-----------------------------------------------
 Reporter:  xknown          |       Owner:  anonymous
     Type:  defect          |      Status:  new
 Priority:  normal          |   Milestone:  2.3.1
Component:  Administration  |     Version:  2.3
 Severity:  normal          |    Keywords:
----------------------------+-----------------------------------------------
As a consequence of #4546, page contents are not sanitized in
wp-admin/page.php. This bug is present in WP 2.3 and trunk (rev 6181).
Steps to reproduce the problem:
1. Create a new page with any title and some HTML.
{{{
</textarea><script>alert(/Not escaped/)</script>
}}}
2. Press "Save and Continue Editing" button.
The attached patch adds `sanitize_post` to the `get_page` function and also
escapes `post_title` in `parent_dropdown`.
--
Ticket URL: <http://trac.wordpress.org/ticket/5135>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
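
The output escaping this ticket asks for, as an added example that is not part of the original message or the attached patch. It is stand-alone PHP with hypothetical function names, and it assumes PHP's built-in htmlspecialchars() in place of the WordPress sanitizing functions the patch calls.

```php
<?php
// Added example: stand-alone PHP, not WordPress code. All function names
// here are hypothetical; htmlspecialchars() stands in for the escaping step.

// Page content from the ticket's reproduction step.
$post_content = '</textarea><script>alert(/Not escaped/)</script>';
// Constructed sample title containing markup characters.
$post_title = '<b>About</b> & "Contact"';

// Escape a stored value for output as HTML text.
function escape_html_text(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Unescaped: the stored "</textarea>" closes the element early and the
// remainder of the content is parsed as markup by the browser.
function render_editor_raw(string $content): string {
    return '<textarea name="content">' . $content . '</textarea>';
}

// Escaped: the stored content stays inside the textarea as text.
function render_editor_escaped(string $content): string {
    return '<textarea name="content">' . escape_html_text($content) . '</textarea>';
}

// The same rule for a title shown in a parent-page dropdown option.
function render_parent_option(int $id, string $title): string {
    return sprintf('<option value="%d">%s</option>', $id, escape_html_text($title));
}

// Regression check: the only closing textarea tag in the output should be
// the one the template itself wrote, and no script tag should survive.
function editor_output_is_contained(string $html): bool {
    $lower = strtolower($html);
    return substr_count($lower, '</textarea') === 1
        && strpos($lower, '<script') === false;
}

$raw     = render_editor_raw($post_content);
$escaped = render_editor_escaped($post_content);

var_dump(editor_output_is_contained($raw));
var_dump(editor_output_is_contained($escaped));
echo $escaped, "\n";
echo render_parent_option(7, $post_title), "\n";
```

The containment check fails for the raw rendering and passes for the escaped one; because the browser decodes the entities inside the textarea, the editor still shows the page content exactly as it was stored.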