Ticket #5135 (closed defect: fixed)

Opened 9 months ago

Last modified 9 months ago

Pages are not sanitized in wp-admin/page.php

Reported by: xknown
Assigned to: anonymous
Priority: normal
Milestone: 2.3.1
Component: Administration
Version: 2.3
Severity: normal
Keywords:
Cc:

Description

As a consequence of #4546, page contents are not sanitized in wp-admin/page.php. This bug is present in WP 2.3 and trunk (rev 6181).

Steps to reproduce the problem:

  1. Create a new page with any title and some HTML.
    </textarea><script>alert(/Not escaped/)</script>
    
  2. Press "Save and Continue Editing" button.

The attached patch adds sanitize_post to the get_page function and also escapes post_title in parent_dropdown.

Attachments

sanitize_page.diff (3.1 kB) - added by xknown on 10/02/07 23:34:34.
sanitize pages
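
The failure mode reported above and the output escaping that closes it, as an added example that is not part of the ticket or the attached patch. It uses PHP's htmlspecialchars instead of WordPress's sanitize_post, and the function names and the sample title are assumptions made for illustration.

```php
<?php
// Added example, not WordPress code. All function names are hypothetical.

// Escape a value for an HTML text context (body of <textarea> or <option>).
function esc_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": stored page content is written raw into the edit form.
function render_editor_unsafe(string $content): string
{
    return '<textarea name="content">' . $content . '</textarea>';
}

// "After": content is escaped on output, so it cannot close the element.
function render_editor_safe(string $content): string
{
    return '<textarea name="content">' . esc_text($content) . '</textarea>';
}

// Parent dropdown entry: the id is forced to an integer, the title is escaped.
function render_parent_option(int $id, string $title): string
{
    return sprintf('<option value="%d">%s</option>', $id, esc_text($title));
}

// Regression check: a correctly rendered form holds exactly one closing
// textarea tag. More than one means the content ended the element early.
function textarea_closed_early(string $html): bool
{
    return substr_count(strtolower($html), '</textarea') > 1;
}

// Page content taken from the ticket's reproduction step.
$content = '</textarea><script>alert(/Not escaped/)</script>';
// Constructed sample title containing HTML metacharacters.
$title = 'Q&A <draft>';

$unsafe = render_editor_unsafe($content);
$safe   = render_editor_safe($content);

var_dump(textarea_closed_early($unsafe)); // raw output
var_dump(textarea_closed_early($safe));   // escaped output
echo $safe, PHP_EOL;
echo render_parent_option(7, $title), PHP_EOL;
```
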

Change History

10/02/07 23:34:34 changed by xknown

  • attachment sanitize_page.diff added.

sanitize pages

10/03/07 16:26:17 changed by ryan

  • status changed from new to closed.
  • resolution set to fixed.

(In [6184]) Add page sanitization. Props xknown. fixes #5135 for 2.3

10/03/07 16:27:07 changed by ryan

(In [6185]) Add page sanitization. Props xknown. fixes #5135 for trunk