[buddypress-trac] [BuddyPress Trac] #5796: Invalid or empty page_arg results in no-limit queries
buddypress-trac
noreply at wordpress.org
Tue Aug 5 05:51:11 UTC 2014
#5796: Invalid or empty page_arg results in no-limit queries
-----------------------------+-------------------------------------
Reporter: johnjamesjacoby | Owner:
Type: defect (bug) | Status: new
Priority: high | Milestone: 2.1
Component: All Components | Version:
Severity: major | Keywords: needs-patch 2nd-opinion
-----------------------------+-------------------------------------
Passing an invalid page argument in a URL that's listening for `$_REQUEST[
$page_arg ]` will empower users to query for unpaginated results. To
reproduce:
* domain.com/activity/?acpage=%27
* domain.com/activity/?acpage=0
* domain.com/members/?upage=%27
* domain.com/members/?upage=0
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/5796>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list