Ticket #3988 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

Sanitize pagenow in admin-header.php

Reported by: xknown
Assigned to: anonymous
Priority: highest omg bbq
Milestone: 2.1.3
Component: Security
Version: 2.1.2
Severity: critical
Keywords: has-patch
Cc: charleshooper

Description

In admin-header.php there's a wp_enqueue_script call that uses the value of the pagenow variable; it should be sanitized before output.

PS. On Thursday I sent security@wordpress.org a PoC that uses this variable to perform an XSS/CSRF attack.

Attachments

admin-header.diff (0.6 kB) - added by xknown on 03/17/07 14:02:24.
escape pagenow value

Change History

03/17/07 14:02:24 changed by xknown

  • attachment admin-header.diff added.

escape pagenow value

03/17/07 17:05:39 changed by foolswisdom

  • priority changed from normal to highest omg bbq.
  • severity changed from normal to critical.

03/17/07 22:59:56 changed by charleshooper

  • cc set to charleshooper.
  • keywords set to has-patch.

03/18/07 23:04:24 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [5059]) escape pagenow. Props xknown. fixes #3988 for trunk

03/18/07 23:04:38 changed by ryan

(In [5060]) escape pagenow. Props xknown. fixes #3988 for 2.1