[wp-trac] [WordPress Trac] #17779: Add some casts in Custom_Image_Header
WordPress Trac
wp-trac at lists.automattic.com
Mon Jun 13 07:36:22 UTC 2011
#17779: Add some casts in Custom_Image_Header
--------------------------+-----------------------------
 Reporter:  xknown        |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  Themes        |     Version:
 Severity:  normal        |    Keywords:
--------------------------+-----------------------------
The step_3 method of the Custom_Image_Header class does not sanitize the
input data. One can pass, for example, any value in
{{{$_POST['attachment_id']}}} (even a URL), which can cause memory
consumption problems in multisite environments.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17779>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
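
The ticket title proposes casts for the input described above. As an added example (not WordPress core code and not a patch from the ticket), this stand-alone PHP script compares a bare `(int)` cast with a stricter digits-only check on constructed request data; `example_get_attachment_id()` is a hypothetical helper name.

```php
<?php
// Added example: hypothetical helper, not WordPress core code.

/**
 * Return a positive integer attachment ID taken from request data,
 * or 0 when the value is missing or is not a plain decimal ID.
 */
function example_get_attachment_id( array $request ) {
    if ( ! isset( $request['attachment_id'] ) || ! is_scalar( $request['attachment_id'] ) ) {
        return 0; // Missing, or an array such as attachment_id[]=x.
    }

    $raw = trim( (string) $request['attachment_id'] );

    // Digits only, no leading zero, at most 9 digits so the value
    // cannot overflow a 32-bit integer.
    if ( ! preg_match( '/^[1-9][0-9]{0,8}$/', $raw ) ) {
        return 0;
    }

    return (int) $raw;
}

// Constructed sample inputs standing in for $_POST.
$samples = array(
    'numeric id'    => array( 'attachment_id' => '42' ),
    'URL'           => array( 'attachment_id' => 'http://example.com/header.jpg' ),
    'trailing junk' => array( 'attachment_id' => '42abc' ),
    'negative'      => array( 'attachment_id' => '-7' ),
    'array'         => array( 'attachment_id' => array( 'x' ) ),
    'missing'       => array(),
);

foreach ( $samples as $label => $request ) {
    // What a bare cast alone would hand to later code.
    $bare = isset( $request['attachment_id'] ) ? (int) $request['attachment_id'] : 0;

    printf(
        "%-14s bare cast: %3d  strict: %3d\n",
        $label,
        $bare,
        example_get_attachment_id( $request )
    );
}
```

A bare cast turns the URL into 0 but keeps `42` from `42abc`, passes `-7` through, and maps a non-empty array to 1, so code that relies on the cast alone still has to treat the result as untrusted before using it as an attachment ID.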