Coding issue I think we need to fix | WordPress.org

The Hack Repair Guy
(@tvcnet)

10 years, 12 months ago

Hi WordPress Peeps,
The url replacements performed by the plugin does not use the esc_url() function. This may leave the content open to XSS attacks when intentionally-malformed urls are injected into the content.

This plugin is installed on so many commercial websites I’m hoping there is someone out there who can recommend a fix to the developer.

This plugin is simply too valuable to the WordPress community to be dropped from the repository or abandoned completely. Who can help?

https://wordpress.org/plugins/wordpress-https/

Viewing 1 replies (of 1 total)

Thread Starter The Hack Repair Guy
(@tvcnet)

10 years, 12 months ago

Ah, I see there may already be some open suggestions for improvement. Hopefully Mike Ems will take note.

https://github.com/blueliquiddesigns/wordpress-https

Good stuff!

Viewing 1 replies (of 1 total)

The topic ‘Coding issue I think we need to fix’ is closed to new replies.

1 reply
1 participant
Last reply from: The Hack Repair Guy
Last activity: 10 years, 12 months ago
Status: not resolved