What steps will reproduce the problem?
1. Insert a JavaScript in the URI and the browser will execute it. See sample script below.
http://www.somewebsite.com/wp-content/themes/mytheme/scripts/timthumb.php?src=http%3A%2F%2Fwww.somewebsite.com%2Ffiles%2F2009%2F11%2FSomeImage.gif%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&=&zc=1&w=120&h=90%22
What is the expected output? What do you see instead?
It should do string validation to prevent scripts from executing. Removing "<" and ">" would likely do the trick.
What version of the product are you using? On what operating system?
Latest version as far as I know.
Please provide any additional information below.
Original issue reported on code.google.com by jimgoi...@gmail.com on 2 Dec 2009 at 10:17
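
The handling the report asks for, as an added example (not timthumb's code and not part of the original issue): it decodes the reported query string, compares echoing `src` raw with encoding it at output time, and adds an allow-list check on the value. The error-page markup and the function names are assumptions, since the issue does not show how timthumb.php prints the parameter.

```php
<?php
// Added example, not timthumb's own code. The error markup and the
// function names are assumptions made for illustration.

// Query string from the report, joined onto one line.
$reported_query = 'src=http%3A%2F%2Fwww.somewebsite.com%2Ffiles%2F2009%2F11%2F'
    . 'SomeImage.gif%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E'
    . '&=&zc=1&w=120&h=90%22';

// Hypothetical "before": the decoded parameter is concatenated into HTML.
function render_error_unsafe(string $src): string
{
    return '<p>Image not found: ' . $src . '</p>';
}

// Hardened: encode for the HTML context when the value is written out.
function render_error_safe(string $src): string
{
    return '<p>Image not found: '
        . htmlspecialchars($src, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</p>';
}

// Defence in depth: accept only an http(s) URL with an image extension
// and no markup or control characters anywhere in the value.
function is_acceptable_src(string $src): bool
{
    if (preg_match('/[<>"\'\x00-\x1f]/', $src)) {
        return false;
    }
    $parts = parse_url($src);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    return (bool) preg_match('/\.(gif|jpe?g|png)$/i', $parts['path']);
}

parse_str($reported_query, $params);   // URL-decodes each value
$src = $params['src'];

echo render_error_unsafe($src), "\n";  // markup in src is emitted as markup
echo render_error_safe($src), "\n";    // same value, emitted as inert text
var_dump(is_acceptable_src($src));     // the reported value fails validation
var_dump((int) $params['w'], (int) $params['h']);  // dimensions cast to integers
```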