[wp-trac] [WordPress Trac] #18289: Direct link to plugin installation should have admin chrome
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 10 19:59:01 UTC 2011
#18289: Direct link to plugin installation should have admin chrome
-------------------------------------+------------------------
Reporter: nacin | Owner: nacin
Type: task (blessed) | Status: reviewing
Priority: normal | Milestone: 3.3
Component: Upgrade/Install | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing |
-------------------------------------+------------------------
Comment (by nacin):
$href = add_query_arg('plugin', $_REQUEST['plugin'], $href) doesn't look
secure especially without escaping in the next line.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18289#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list