Make WordPress Core

Opened 16 years ago

Closed 16 years ago

Last modified 7 months ago

#5475 closed defect (bug) (invalid)

Admins not filtered

Reported by: Aen
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 2.3.1
Component: General
Keywords: has-patch
Focuses:
Cc:

Description

Tested on a default WP2.3.1 installation, with the default and a few other themes. No commenting plugin installed. Just fresh and new.

Submitting <textarea> and <input> in comments, the actual HTML elements show up. Ugly and probably a security risk?

You can see an example at http://aendir.com/woot/?p=1#comments

Change History (5)

#1 @Aen
16 years ago

  • Resolution set to invalid
  • Status changed from new to closed
  • Summary changed from [Allowed HTML tags] Textareas and Inputs allowed to Admins not filtered

I realized I was posting as admin and thus I was not subjected to filtering. The tags are not allowed when I'm posting as non-admin.

#2 @ionfish
16 years ago

  • Milestone 2.3.2 deleted

This ticket was mentioned in PR #5506 on WordPress/wordpress-develop by @dmsnell.


7 months ago
#3

  • Keywords has-patch added

Fixes a bug introduced in #5475.

When applying updates to HTML, one step was left out in #5475 which updated the position of the end of the current tag. This made it possible to create bookmarks with null or earlier end positions than their start position. This in turn broke the Directive Processor in Gutenberg during the backport of changes from Core into Gutenberg.

In this patch, after applying updates, the HTML document is now scanned fully to the end of the current tag, updating the internal pointer to its end, so that nothing else will be broken or misaligned.

cc: @ramonjd @andrewserong

@SergeyBiryukov commented on PR #5506:


7 months ago
#4

Thanks for the PR! Merged in r56953.

@dmsnell commented on PR #5506:


7 months ago
#5

Thank you @SergeyBiryukov for picking this up and moving it forward.
