Created
April 27, 2015 14:52
Wordpress 4.2 XSS emergency fix
--- wordpress/wp-comments-post.php 2015-01-08 08:05:25.000000000 +0100 | |
+++ htdocs/wp-comments-post.php 2015-04-27 16:50:24.250000000 +0200 | |
@@ -12,6 +12,12 @@ | |
exit; | |
} | |
+$psize=0; | |
+foreach($_POST as $p) { | |
+ $psize += strlen($p); | |
+} | |
+if ($psize > 50000) die("Comment too large"); | |
+ | |
/** Sets up the WordPress Environment. */ | |
require( dirname(__FILE__) . '/wp-load.php' ); | |
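Review bot: `$psize += strlen($p);` assumes every `$_POST` value is a string; a field submitted with array syntax (`name[]=...`) makes `strlen` emit a warning and return null under PHP 5 (a TypeError on PHP 8), so that field adds nothing to `$psize` and the 50000 limit is not applied to it. Add an `is_array($p)` guard before summing (either reject the request or sum the members recursively). A one-line comment above `if ($psize > 50000)` stating what the limit protects against would also help, since the number is otherwise unexplained and it counts all POST fields together rather than the comment body alone.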
Does anyone know why the XSS filter is not applied before storing to the database? If the message is safe before putting it into the database, truncating it would cause no harm, right?
This patch is obsolete now; please use the official upstream fix in WordPress 4.2.1:
https://wordpress.org/news/2015/04/wordpress-4-2-1/
@GuillaumeLeclerc the problem is a bit tricky. The filter is applied, but the data is truncated later. And browsers do trickery to try to interpret invalid code, which in this case leads to the truncation creating JavaScript the browser can interpret.
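A constructed simulation, added here and not part of the gist or of WordPress, of the filter-then-truncate problem described in the comment above: a tiny allow-list sanitizer, a column that silently truncates to `MAX_BYTES` (the non-strict MySQL TEXT behaviour), and a size check placed where it actually protects the invariant, on the filtered value rather than the raw request. `well_formed` is an assumed helper that flags a stored value with a cut-open or unclosed tag.

```python
import html
import re

MAX_BYTES = 64                       # constructed column limit, small so the effect is visible
ALLOWED_TAGS = {"b", "i", "em", "strong", "a"}
TAG_RE = re.compile(r"<(/?)([A-Za-z]+)[^<>]*>")


def sanitize(text):
    """Allow-list filter: known tags pass through, everything else is escaped."""
    out, pos = [], 0
    for m in TAG_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        raw = m.group(0)
        out.append(raw if m.group(2).lower() in ALLOWED_TAGS else html.escape(raw))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


def column_store(value, max_bytes=MAX_BYTES):
    """Simulates a column that silently truncates to max_bytes, as a non-strict TEXT column does."""
    return value.encode("utf-8")[:max_bytes].decode("utf-8", errors="ignore")


def well_formed(markup):
    """True only if every tag is complete and every opened tag has been closed."""
    stack, pos = [], 0
    for m in TAG_RE.finditer(markup):
        pos = m.end()
        name = m.group(2).lower()
        if m.group(1):                                   # closing tag
            if not stack or stack.pop() != name:
                return False
        else:
            stack.append(name)
    return "<" not in markup[pos:] and not stack         # a bare '<' means a tag was cut open


def store_unchecked(text):
    """Filter, then store: the stored value can differ from the value that was validated."""
    return column_store(sanitize(text))


def store_checked(text):
    """Refuse anything whose *filtered* form would not fit, then verify the round trip."""
    clean = sanitize(text)
    if len(clean.encode("utf-8")) > MAX_BYTES:
        return None                                      # too large: reject, as the gist's patch does
    stored = column_store(clean)
    assert stored == clean, "storage altered the validated value"
    return stored


LONG = "<b>" + "x" * 60 + "</b>"                          # constructed: 67 bytes once filtered
SHORT = "<i>ok</i> & <script>x</script>"                  # constructed: fits after escaping
```

Running `well_formed(store_unchecked(LONG))` returns False because truncation leaves the `<b>` open and a bare `<` at the end, while `store_checked(LONG)` refuses the comment outright and `store_checked(SHORT)` stores exactly the filtered value.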