Set/Validate/escape these parameters in the settings page #172

donnchawp · 2017-01-30T18:11:36Z

Avoid XSS by validating and escape these parameters on the settings
page. The XSS is on an admin-only page so impact is low. Only an
admin user can set it.
Also set the ossdl_https index to avoid a php warning on the CDN tab.

Avoid XSS by validating and escape these parameters on the settings page. The XSS is on an admin-only page so impact is low. Also set the ossdl_https index to avoid a php warning on the CDN tab.

@jaypatel

* Don't delete so many files on blogs with static homepages. #175 * Discourage use of file locking because semaphores cause problems and it's not needed. #174 * Reorganise the settings page in small ways #173 * Fixed XSS in settings page. Props @jaypatel #172 git-svn-id: http://plugins.svn.wordpress.org/wp-super-cache/trunk@1587563 b8457f37-d9ea-0310-8a92-e5e31aec5664

Set/Validate/escape these parameters in the settings page

13ac3c4

Avoid XSS by validating and escape these parameters on the settings page. The XSS is on an admin-only page so impact is low. Also set the ossdl_https index to avoid a php warning on the CDN tab.

donnchawp added Needs Review PRIORITY labels Jan 30, 2017

donnchawp added this to the 1.4.9 milestone Jan 30, 2017

donnchawp self-assigned this Jan 30, 2017

donnchawp requested a review from kraftbj January 30, 2017 18:11

donnchawp merged commit 99037db into master Jan 31, 2017

donnchawp deleted the fix_xss_on_settings_page branch January 31, 2017 16:37

donnchawp removed Needs Review PRIORITY labels Feb 2, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set/Validate/escape these parameters in the settings page #172

Set/Validate/escape these parameters in the settings page #172

donnchawp commented Jan 30, 2017

Set/Validate/escape these parameters in the settings page #172

Set/Validate/escape these parameters in the settings page #172

Conversation

donnchawp commented Jan 30, 2017