WordPress.org

Comments View to be more secure (1 post)

  1. philsci
    Member
    Posted 5 years ago #

    Dear folks,

    I would like to raise a question about "edit-comments.php". Why has the default setting of "comments view" been set to "detail"? If some attack expression (an expression for an XSS attack) has been passed, the administrator could see the insecure expression. Line 50 in edit-comments.php of WP 2.6.3 is:

    49: if ( empty($_GET['mode']) )
    50:     $mode = 'detail';

    but I would suggest that it should be modified to:

    if ( empty($_GET['mode']) )
        $mode = 'list';

    I would appreciate any comments, thanks.
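An added example, not part of the original post and not WordPress's own code: a standalone PHP illustration of the mode selection quoted above, with the mode checked against an allowlist and the comment escaped on output in both views. The names `esc`, `resolve_mode` and `render_comment`, the row markup, the 40-byte excerpt in list mode and the sample comment are all assumptions made for the example; it needs PHP 7 or later.

```php
<?php
// Added illustration, not WordPress source. All names here are hypothetical.

// Escape a value for HTML output. ENT_SUBSTITUTE keeps the call from returning
// an empty string when an excerpt cuts a multi-byte character in half.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Pick the view mode from the query string. Only known modes are accepted;
// a missing, non-string or unknown value falls back to the default.
function resolve_mode(array $query, string $default = 'list'): string {
    $allowed = ['detail', 'list'];
    $mode = $query['mode'] ?? '';
    return (is_string($mode) && in_array($mode, $allowed, true)) ? $mode : $default;
}

// Render one comment row. In this example 'detail' shows the full body and
// 'list' a short excerpt; both are escaped, so markup submitted in a comment
// is displayed as text to the administrator instead of being interpreted.
function render_comment(array $comment, string $mode): string {
    $author = esc($comment['author']);
    if ($mode === 'detail') {
        return '<div class="comment"><b>' . $author . '</b><p>'
             . esc($comment['content']) . '</p></div>';
    }
    $excerpt = substr($comment['content'], 0, 40);
    return '<div class="comment"><b>' . $author . '</b>: ' . esc($excerpt) . '</div>';
}

// Constructed sample input: a comment carrying script markup.
$comment = [
    'author'  => 'visitor',
    'content' => '<script>alert(1)</script> nice post',
];

// No mode given, an explicit detail request, and an unexpected mode value.
foreach ([[], ['mode' => 'detail'], ['mode' => '<b>x</b>']] as $query) {
    $mode = resolve_mode($query);
    echo $mode, ': ', render_comment($comment, $mode), "\n";
}
```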

Topic Closed

This topic has been closed to new replies.