[wp-trac] [WordPress Trac] #12417: XSS in wp-admin/options.php

WordPress Trac wp-trac at lists.automattic.com
Sat Feb 27 22:41:16 UTC 2010


#12417: XSS in wp-admin/options.php
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan 
     Type:  defect (bug)       |      Status:  new  
 Priority:  normal             |   Milestone:  3.0  
Component:  Security           |     Version:  2.9.2
 Severity:  normal             |    Keywords:       
-------------------------------+--------------------------------------------
Changes (by nacin):

  * milestone:  2.9.3 => 3.0


Comment:

 I just patched this, then realized we esc_attr() at the top of the loop,
 so we're secure here.

 I'm going to move the esc_attr() down further so it's more obvious.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/12417#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list