Ticket #5422 (assigned defect (bug))

Opened 1 year ago

Last modified 1 year ago

Sanitize plugin update information

Reported by: Viper007Bond
Assigned to: westi (accepted)
Priority: normal
Milestone: 2.9
Component: Administration
Version: 2.3.1
Severity: normal
Keywords: has-patch 2nd-opinion
Cc:

Description

See wp-hackers discussion.

The update data retrieved from WP.org is trusted to be safe and HTML encoded. We shouldn't make this assumption, plus we should kses the plugin's name.

Attached is a proposed patch. Seems to work okay.

Attachments

5422.patch (1.9 kB) - added by Viper007Bond on 12/04/07 22:19:37.
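
The attached patch is not reproduced on this page. As an added example (not the ticket's patch and not WordPress code), the following plain-PHP sketch shows the issue the description raises: update data echoed as if it were already encoded, next to a version that escapes each field at output. The array keys, function names and sample values are assumptions constructed for illustration; inside WordPress, `wp_kses()`, `esc_html()` and `esc_url()` would take the place of the `strip_tags()`/`htmlspecialchars()` helpers used here.

```php
<?php
// Added example: plain PHP, no WordPress needed. Keys and values are assumed.

// Constructed sample: a plugin header and an update response carrying markup.
$plugin = ['Name' => 'Example <em>Plugin</em><script>alert(1)</script>'];
$update = [
    'new_version' => '2.0"><script>alert(2)</script>',
    'url'         => 'javascript:alert(3)',
];

// Encode text for an HTML text node or a quoted attribute value.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Accept only http(s) URLs; anything else becomes an empty string.
function safe_url(string $url): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

// Before: remote and plugin-header data echoed as if already encoded.
function notice_unsafe(array $plugin, array $update): string
{
    return sprintf('There is a new version of %s available. <a href="%s">Download version %s</a>.',
        $plugin['Name'], $update['url'], $update['new_version']);
}

// After: every field is validated or encoded at the point of output.
function notice_safe(array $plugin, array $update): string
{
    $name    = h(strip_tags($plugin['Name'])); // tags dropped, remaining text encoded
    $version = h($update['new_version']);
    $url     = safe_url($update['url']);
    $text    = sprintf('There is a new version of %s available.', $name);
    if ($url !== '') {
        return $text . sprintf(' <a href="%s">Download version %s</a>.', h($url), $version);
    }
    return $text . sprintf(' Version %s.', $version); // no link for a rejected URL
}

echo notice_unsafe($plugin, $update), "\n";
echo notice_safe($plugin, $update), "\n";
```

The first line of output contains the injected markup verbatim; the second contains only encoded text and no link, because the sample URL does not use an http(s) scheme.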

Change History

12/04/07 22:19:37 changed by Viper007Bond

  • attachment 5422.patch added.

12/05/07 06:57:56 changed by westi

  • owner changed from anonymous to westi.
  • status changed from new to assigned.