Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

use clean_url() instead of attribute_escape() when dealing with src/href to protect against XSS. props xknown. fixes #3986 for 2.0. 

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@5058 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith 2007-03-17 09:04:56 +00:00
parent 19d57a5326
commit 1bdc18d904
7 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-admin/admin-functions.php
View File

@ -467,11 +467,11 @@ function edit_user($user_id = 0) {
function get_link_to_edit($link_id) {
$link = get_link($link_id);
$link->link_url = attribute_escape($link->link_url);
$link->link_url = clean_url($link->link_url);
$link->link_name = attribute_escape($link->link_name);
$link->link_image = attribute_escape($link->link_image);
$link->link_description = attribute_escape($link->link_description);
$link->link_rss = attribute_escape($link->link_rss);
$link->link_rss = clean_url($link->link_rss);
$link->link_rel = attribute_escape($link->link_rel);
$link->link_notes = wp_specialchars($link->link_notes);
$link->post_category = $link->link_category;
@ -481,7 +481,7 @@ function get_link_to_edit($link_id) {
function get_default_link_to_edit() {
if ( isset($_GET['linkurl']) )
$link->link_url = attribute_escape($_GET['linkurl']);
$link->link_url = clean_url($_GET['linkurl']);
else
$link->link_url = '';

2
wp-admin/bookmarklet.php
View File

@ -37,7 +37,7 @@ else
$content = wp_specialchars($_REQUEST['content']);
$popupurl = attribute_escape(stripslashes($_REQUEST['popupurl']));
$popupurl = clean_url(stripslashes($_REQUEST['popupurl']));
if ( !empty($content) ) {
$post->post_content = wp_specialchars( stripslashes($_REQUEST['content']) );
} else {

2
wp-admin/post.php
View File

@ -81,7 +81,7 @@ case 'edit':
?>
<div id='preview' class='wrap'>
<h2 id="preview-post"><?php _e('Post Preview (updated when post is saved)'); ?> <small class="quickjump"><a href="#write-post"><?php _e('edit &uarr;'); ?></a></small></h2>
<iframe src="<?php echo attribute_escape(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
<iframe src="<?php echo clean_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID)))); ?>" width="100%" height="600" ></iframe>
</div>
<?php
break;

4
wp-admin/upgrade.php
View File

@ -67,7 +67,7 @@ text-align: center; border-top: 1px solid #ccc; padding-top: 1em; font-style: it
switch($step) {
case 0:
$goback = attribute_escape(stripslashes(wp_get_referer()));
$goback = clean_url(stripslashes(wp_get_referer()));
?>
<p><?php _e('This file upgrades you from any previous version of WordPress to the latest. It may take a while though, so be patient.'); ?></p>
<h2 class="step"><a href="upgrade.php?step=1&amp;backto=<?php echo $goback; ?>"><?php _e('Upgrade WordPress &raquo;'); ?></a></h2>
@ -86,7 +86,7 @@ switch($step) {
if ( empty( $_GET['backto'] ) )
$backto = __get_option('home');
else
$backto = attribute_escape(stripslashes($_GET['backto']));
$backto = clean_url(stripslashes($_GET['backto']));
?>
<h2><?php _e('Step 1'); ?></h2>
<p><?php printf(__("There's actually only one step. So if you see this, you're done. <a href='%s'>Have fun</a>!"), $backto); ?></p>

2
wp-includes/functions.php
View File

@ -2491,7 +2491,7 @@ function wp_nonce_ays($action) {
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
} else {
$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . attribute_escape(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'])) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
}
$html .= "</body>\n</html>";
wp_die($html, $title);

2
wp-includes/links.php
View File

@ -212,7 +212,7 @@ function get_links($category = -1,
$the_link = '#';
if (!empty($row->link_url))
$the_link = attribute_escape($row->link_url);
$the_link = clean_url($row->link_url);
$rel = $row->link_rel;
if ($rel != '') {

4
wp-includes/template-functions-links.php
View File

@ -458,7 +458,7 @@ function get_next_posts_page_link($max_page = 0) {
}
function next_posts($max_page = 0) {
echo attribute_escape(get_next_posts_page_link($max_page));
echo clean_url(get_next_posts_page_link($max_page));
}
function next_posts_link($label='Next Page &raquo;', $max_page=0) {
@ -495,7 +495,7 @@ function get_previous_posts_page_link() {
}
function previous_posts() {
echo attribute_escape(get_previous_posts_page_link());
echo clean_url(get_previous_posts_page_link());
}
function previous_posts_link($label='&laquo; Previous Page') {