Skip to:
Content

bbPress.org

Opened 9 years ago

Closed 8 years ago

#2719 closed defect (bug) (fixed)

Improve form field post request retention

Reported by: johnjamesjacoby's profile johnjamesjacoby Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.6 Priority: high
Severity: major Version:
Component: Tools - Code Improvements Keywords: has-patch
Cc:

Description

When submitting a theme-side form, bbPress retains form field data to avoid the possibility of losing user submitted data should an error occur. These fields and their _form_ functions are a bit too trusting in their approach, and are mildly susceptible to a simple form of cross-site request forgery allowing form data to be set without user input.

The good news here (and why I'm publishing this publicly here) is all user input appears to be appropriately validated before it's saved, making this less of an exploit and more of an unintended consequence of a convenience feature.

The bad news is it affects several fields across the forum, topic, and reply components, making it a relatively sprawling change. I'm creating this ticket to get more eyes on the fix, and see if anything else smells similarly funky.

Attachments (1)

2719.patch (9.7 KB) - added by johnjamesjacoby 9 years ago.

Download all attachments as: .zip

Change History (5)

#1 @johnjamesjacoby
9 years ago

In 5558:

Improve form field output sanitization when posting theme-side forum/topic/reply content. Thanks planetzuda. See #2719.

#2 @johnjamesjacoby
9 years ago

In 5559:

Update to newer slashing functions, as our minimum requirement is WordPress 3.6.

Also add filters to topic-title & topic-tags form fields. See #2719.

#3 @netweb
8 years ago

  • Owner set to johnjamesjacoby

What else is left to do here?

#4 @johnjamesjacoby
8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I don't think anything. Thanks for the nudge.

Note: See TracTickets for help on using tickets.