From 27da9f30136de1636b6e2a52765d2c37f728fba4 Mon Sep 17 00:00:00 2001
From: Mark Jaquith
Date: Wed, 11 Nov 2009 23:54:43 +0000
Subject: [PATCH] Prevent XSS in press-this.php. props Benjamin Flesch. fixes
#11119
git-svn-id: https://develop.svn.wordpress.org/trunk@12168 602fd350-edb4-49c9-b593-d223f7449a82
---
wp-admin/press-this.php | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 7b4256b1e4..30b1bf4778 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -91,12 +91,13 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
}
// Set Variables
-$title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : '';
-$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( aposfix( stripslashes( $_GET['t'] ) ) ) ) : '';
+$selection = isset( $_GET['s'] ) ? trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ) ) ) ) : '';
if ( ! empty($selection) ) {
$selection = preg_replace('/(\r?\n|\r)/', '
', $selection);
$selection = '
'.str_replace('
', '', $selection).'';
}
+
$url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
$image = isset($_GET['i']) ? $_GET['i'] : '';
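Review bot: `strip_tags()` on the new `$title` line removes markup but does not encode `"`, `'`, `&` or a dangling `<`, so it sanitises rather than escapes, whereas the removed line's `esc_html()` did encode those characters. Whether that is safe depends on the output sites for `$title`, which are outside this hunk; an attribute value or a JavaScript string would still be breakable, so each echo should carry its own context escape, e.g. `value="<?php echo esc_attr( $title ); ?>"`. On the `$selection` line, `htmlspecialchars()` and `html_entity_decode()` are called without flags or charset, which on the PHP versions of the time leaves single quotes unencoded and assumes ISO-8859-1 for the decode. Passing the flags explicitly, `trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ), ENT_QUOTES, 'UTF-8' ), ENT_QUOTES, 'UTF-8' ) )`, fixes both. The unchanged `$image` line in this hunk still stores `$_GET['i']` verbatim, so the same output-site escaping applies wherever it is echoed.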
@@ -119,7 +120,7 @@ if ( !empty($_REQUEST['ajax']) ) {
@@ -576,7 +577,7 @@ var photostorage = false;