Ticket #3396 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Plugin version, etc. not sanitized like description is

Reported by: Viper007Bond Assigned to: markjaquith
Priority: lowest Milestone: 2.1
Component: Administration Version: 2.1
Severity: minor Keywords: has-patch
Cc:

Description

We sanitize plugin descriptions with kses, so why not the version and such?

Try this in a plugin for example: 

Version: 1.0 <script type="text/javascript">alert('I haxz0red your PC!');</script>

Now of course plugin authors could just put bad JS into the plugin itself, so this isn't really a security ticket, more a "let's-do-the-same-thing-to-all-fields" ticket (either sanitize them all or none).

Attachments

plugins.patch (1.4 kB) - added by Viper007Bond on 11/29/06 08:08:33.

Change History

11/29/06 00:03:43 changed by markjaquith

  • keywords set to needs-patch.
  • owner changed from anonymous to markjaquith.
  • status changed from new to assigned.

Agreed re: "all or nothing"

I'd go with "all," if only to stave off the inevitable "WordPress Security Bulletin: plugins can p0wn your WordPress!"

Patch it up!

11/29/06 07:58:28 changed by Viper007Bond

Roger, captain!

11/29/06 08:08:33 changed by Viper007Bond

  • attachment plugins.patch added.

11/29/06 08:08:59 changed by Viper007Bond

  • keywords changed from needs-patch to has-patch.

11/29/06 09:22:53 changed by markjaquith

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [4540]) Sanitize all plugin metadata, for consistency. Props Viper007Bond. fixes #3396

11/29/06 09:25:57 changed by markjaquith

Minor nitpicky note:

In the future, when using whitespace to align blocks of similar assignments (like the row of KSES calls), use spaces instead of tabs to make them line up. Many text editors can set tabs to be varying sizes, so they won't line up unless someone is using the same size tabs as you.

11/29/06 09:45:17 changed by Viper007Bond

Well there is a quasi-standard, but good point. :)