Prevent XSS in press-this.php. props Benjamin Flesch. fixes #11119

git-svn-id: http://svn.automattic.com/wordpress/trunk@12168 1a063a9b-81f0-0310-95a4-ce76da25c4cd
markjaquith 2009-11-11 23:54:43 +00:00
parent 6a65d30970
commit 17ad540a6c
1 changed files with 5 additions and 4 deletions


@ -91,12 +91,13 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
} }
// Set Variables // Set Variables
$title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : ''; $title = isset( $_GET['t'] ) ? trim( strip_tags( aposfix( stripslashes( $_GET['t'] ) ) ) ) : '';
$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : ''; $selection = isset( $_GET['s'] ) ? trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ) ) ) ) : '';
if ( ! empty($selection) ) { if ( ! empty($selection) ) {
$selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection); $selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
$selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>'; $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
} }
$url = isset($_GET['u']) ? esc_url($_GET['u']) : ''; $url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
$image = isset($_GET['i']) ? $_GET['i'] : ''; $image = isset($_GET['i']) ? $_GET['i'] : '';
@ -119,7 +120,7 @@ if ( !empty($_REQUEST['ajax']) ) {
<div class="postbox"> <div class="postbox">
<h2><label for="embed-code"><?php _e('Embed Code') ?></label></h2> <h2><label for="embed-code"><?php _e('Embed Code') ?></label></h2>
<div class="inside"> <div class="inside">
<textarea name="embed-code" id="embed-code" rows="8" cols="40"><?php echo format_to_edit($selection, true); ?></textarea> <textarea name="embed-code" id="embed-code" rows="8" cols="40"><?php echo wp_htmledit_pre( $selection ); ?></textarea>
<p id="options"><a href="#" class="select button"><?php _e('Insert Video'); ?></a> <a href="#" class="close button"><?php _e('Cancel'); ?></a></p> <p id="options"><a href="#" class="select button"><?php _e('Insert Video'); ?></a> <a href="#" class="close button"><?php _e('Cancel'); ?></a></p>
</div> </div>
</div> </div>
@ -576,7 +577,7 @@ var photostorage = false;
<div class="editor-container"> <div class="editor-container">
<textarea name="content" id="content" style="width:100%;" class="theEditor" rows="15"><?php <textarea name="content" id="content" style="width:100%;" class="theEditor" rows="15"><?php
if ( $selection ) if ( $selection )
echo wp_richedit_pre(htmlspecialchars_decode($selection)); echo wp_richedit_pre($selection);
if ( $url ) { if ( $url ) {
echo '<p>'; echo '<p>';
if ( $selection ) if ( $selection )
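Review bot: The new `$title` assignment in the first hunk is no longer HTML-escaped — `strip_tags()` only removes tags and leaves `"`, `'` and `&` intact, whereas the replaced `esc_html()` encoded them — so every place that echoes `$title` (none is inside these hunks) must now escape for its own context, e.g. `value="<?php echo esc_attr( $title ); ?>"` in attributes and `esc_html( $title )` in element content. If any output site still relies on the value being pre-escaped, the change trades one injection vector for an attribute-context one; I cannot verify those sites from this diff. The same hunk leaves `$image = isset($_GET['i']) ? $_GET['i'] : '';` untreated; it is a context line here, but `esc_url()` at assignment, as already done for `$url` on the line above, would make the block consistent. The `if ( $url ) {` block in the last hunk continues outside the hunk.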