[wp-trac] [WordPress Trac] #10056: href not sanitized in media uploader
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 24 09:51:48 UTC 2009
#10056: href not sanitized in media uploader
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:
     Type:  defect (bug)       |      Status:  new
 Priority:  high               |   Milestone:  2.9
Component:  Media              |     Version:  2.8
 Severity:  normal             |    Keywords:  has-patch
-------------------------------+--------------------------------------------
Changes (by Denis-de-Bernardy):
* keywords: => has-patch
Comment:
Seems right, yeah. I noted another one, but the $src was extracted from
media_handle_sideload(), so it probably isn't worth adding another
esc_url_raw().

One day, we should really settle on a version, and ensure that the WP
internals require and return data in a consistently sanitized manner (i.e.
with/without slashes and/or html encoding).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10056#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software