
Javascript vulnerability #30

Closed
joshbetz opened this issue Jul 18, 2013 · 1 comment

@joshbetz
Contributor

You're outputting a potentially unescaped value from the database in JavaScript at: https://github.com/alleyinteractive/wordpress-fieldmanager/blob/master/php/util/class-fieldmanager-util-validation.php#L260

To fix, just have Fieldmanager_Util_Validation::format_value do an esc_js for strings. Since strval isn't actually doing anything useful here you can keep it or let it go — it's just turning the value into a string if it happens to be an integer or something. Strings can contain bad JavaScript though, so we have to escape it.

https://github.com/alleyinteractive/wordpress-fieldmanager/blob/master/php/util/class-fieldmanager-util-validation.php#L311

If it's a boolean or integer we can assume it's safe :)
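To illustrate the rule proposed above, here is an added example that is not Fieldmanager's code: a JavaScript model of a `format_value`-style function, with the naive version beside a hardened one. `escapeJsString` is a stand-in for WordPress's `esc_js`, not a copy of it, and the sample value is constructed.

```javascript
// Added example (not Fieldmanager's own code). Models the format_value()
// rule from the issue: booleans and integers are emitted as-is, strings
// must be escaped before being placed inside a JS string literal.

// Naive version: concatenates the raw database string into the literal.
// A quote inside the value closes the literal early (the reported bug).
function formatValueNaive(value) {
  if (typeof value === 'boolean' || Number.isInteger(value)) {
    return String(value);
  }
  return "'" + String(value) + "'";
}

// Stand-in for esc_js (assumption: same intent, not the same code). Escapes
// everything that could terminate a single-quoted literal, a line, or the
// enclosing <script> element.
function escapeJsString(str) {
  return str
    .replace(/\\/g, '\\\\')
    .replace(/'/g, "\\'")
    .replace(/"/g, '\\"')
    .replace(/\r/g, '\\r')
    .replace(/\n/g, '\\n')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029')
    .replace(/<\//g, '<\\/'); // "</script>" can no longer close the block
}

// Hardened version: same type rule, but strings go through the escaper.
function formatValueSafe(value) {
  if (typeof value === 'boolean' || Number.isInteger(value)) {
    return String(value);
  }
  return "'" + escapeJsString(String(value)) + "'";
}

// Evaluates the emitted literal the way a <script> block would, and returns
// the value the page's script actually sees. Used to check the round trip.
function roundTrip(literal) {
  return new Function('return ' + literal + ';')();
}

// Constructed sample: a value a user could legitimately store, containing
// both a single quote and a closing tag.
const SAMPLE = "O'Brien </script>";

console.log('naive: ', formatValueNaive(SAMPLE)); // literal is broken
console.log('safe:  ', formatValueSafe(SAMPLE));  // parses back to SAMPLE
```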

@bcampeau
Member

You're right. I've pushed the fix for this.
