[wp-trac] Re: [WordPress Trac] #8767: Refactored filters to avoid potential XSS attacks

WordPress Trac wp-trac at lists.automattic.com
Mon Jan 5 06:50:56 GMT 2009


#8767: Refactored filters to avoid potential XSS attacks
-------------------------------------------+--------------------------------
 Reporter:  sambauers                      |        Owner:  ryan 
     Type:  defect (bug)                   |       Status:  new  
 Priority:  high                           |    Milestone:  2.7.1
Component:  Security                       |      Version:  2.7  
 Severity:  major                          |   Resolution:       
 Keywords:  has-patch, needs-testing, XSS  |  
-------------------------------------------+--------------------------------
Comment (by sambauers):

 Replying to [comment:12 link92]:
 > Also, there are plenty of copies of PHP with a PCRE that doesn't have
 Unicode support enabled at all. This has been a fair issue for Habari
 (which requires PHP 5.2.x), I imagine it'll be a lot worse for something
 that requires PHP 4.3.0.

 I would think that we just need examples of how these fail so we can do it
 gracefully instead. I doubt we would build alternatives for them though.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/8767#comment:13>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list