On Tue, Nov 08, 2005 at 06:18:07PM -0800, Debian Bug Tracking System wrote: > From: Kai Hendry <[EMAIL PROTECTED]> > > Upstream says the (modified) Snoopy class they ship is secure. Since I > have not come across an exploit that says otherwise, I am closing this. > > Along the same lines: > http://wordpress.org/development/2005/11/wordpress-is-secure/
I don't see how this has anything to do with the bug I reported. Wordpress runs the wptexturize filter on bloginfo data, including URLs. Some URLs are corrupted by this. This is *incorrect* behavior. By looking at the actual Wordpress BTS, I see that the bug you opened for this, and 2 other related ones are closed as fixed in 1.6. http://trac.wordpress.org/ticket/1545 http://trac.wordpress.org/ticket/1410 http://trac.wordpress.org/ticket/1729 The changeset that claims to fix it is at: http://trac.wordpress.org/changeset/2935 Please reopen and only close when either 1.6 is in unstable (I'll test experimental packages for you, if you'd like.), or this patch is backported to a 1.5 tree. This is not a security hole, as far as I know, it is a normal bug that complicates running a site on some URLs. Thanks for all the hard work on this, -- Ryan Anderson sometimes Pug Majere -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
