Package: wordpress
Version: 1.5.2-1
Severity: normal

A cross-site scripting vulnerability exists in WordPress. The vulnerability manifests itself only when viewed by IE, as Mozilla converts < in the URL to <.

I attached a patch to resolve this issue.

# diff -u /tmp/template-functions-links.php.orig /usr/share/wordpress/wp-includes/template-functions-links.php --- /tmp/template-functions-links.php.orig 2005-09-18 06:18:54.000000000 +0000 +++ /usr/share/wordpress/wp-includes/template-functions-links.php 2005-09-18 06:20:23.000000000 +0000 @@ -353,6 +353,17 @@ global $wp_rewrite; $qstr = $_SERVER['REQUEST_URI']; + $replacement = array ('"', // Replace HTML entities + '&', + '<', + '>'); + + $pattern = array ('/"/', + '/&/', + '/</', + '/>/'); + + $qstr = preg_replace($pattern, $replacement, $qstr); $page_querystring = "paged"; $page_modstring = "page/"; @@ -489,4 +500,4 @@ } } -?> \ No newline at end of file +?>

-- System Information:
Debian Release: 3.1
Architecture: i386 (x86_64)
Kernel: Linux 2.6.11.6-RH1956
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages wordpress depends on:
ii  apache [httpd]            1.3.33-6sarge1  versatile, high-performance HTTP s
ii  mysql-server [virtual-mys 4.0.24-10       mysql database server binaries
ii  php4                      4:4.3.10-16     server-side, HTML-embedded scripti
ii  php4-mysql                4:4.3.10-16     MySQL module for php4

-- no debconf information
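
Review bot: In the @@ -353,6 +353,17 @@ hunk, $pattern lists '/"/' ahead of '/&/', and preg_replace applies array patterns one after another to the running result, so if the replacements are meant to be entities (as the "Replace HTML entities" comment says), the & produced for a double quote is encoded a second time by the next pattern. As the lines read here, every $replacement entry is the same character as its pattern, so the call leaves $qstr unchanged. The list also has no entry for the single quote, which matters if $qstr is later written into a single-quoted attribute. Suggest dropping both arrays and the preg_replace call in favour of $qstr = htmlspecialchars($qstr, ENT_QUOTES); which escapes &, <, >, " and ' in one pass with no ordering problem. Escaping at the point where the link is printed, rather than on $_SERVER['REQUEST_URI'] at the top of the function, would also keep the raw value usable for the rewrite logic that follows.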