[wp-trac] [WordPress Trac] #18445: Unifiltered text can be inserted via Link Image To field when side-loading media
WordPress Trac
wp-trac at lists.automattic.com
Tue Aug 16 06:21:18 UTC 2011
#18445: Unifiltered text can be inserted via Link Image To field when side-loading
media
--------------------------+-----------------------------
Reporter: DrewAPicture | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Validation | Version: 3.2.1
Severity: normal | Keywords: needs-patch
--------------------------+-----------------------------
It looks like the replace methods were left out for {{{f.url.value}}} in
''wp-admin/includes/media.php''. Thus, unfiltered text including complete
javascript strings can be passed through the 'Link Image To' field when
side-loading media via the 'From URL' tab. The unfiltered text is dropped
untouched into the media's link tag and has potential to wreak havoc.
Reproduce:
In posting page-> Add media > Goto 'From URL' tab > Input a url to a valid
remote image > Input special characters into the 'Link Image To' field >
Insert into post.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18445>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list