Skip to:
Content

bbPress.org

Opened 10 years ago

Closed 10 years ago

#2719 closed defect (bug) (fixed)

Improve form field post request retention

Reported by: johnjamesjacoby's profile johnjamesjacoby Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.6 Priority: high
Severity: major Version:
Component: Tools - Code Improvements Keywords: has-patch
Cc:

Description

When submitting a theme-side form, bbPress retains form field data to avoid the possibility of losing user submitted data should an error occur. These fields and their _form_ functions are a bit too trusting in their approach, and are mildly susceptible to a simple form of cross-site request forgery allowing form data to be set without user input.

The good news here (and why I'm publishing this publicly here) is all user input appears to be appropriately validated before it's saved, making this less of an exploit and more of an unintended consequence of a convenience feature.

The bad news is it affects several fields across the forum, topic, and reply components, making it a relatively sprawling change. I'm creating this ticket to get more eyes on the fix, and see if anything else smells similarly funky.

Attachments (1)

2719.patch (9.7 KB) - added by johnjamesjacoby 10 years ago.

Download all attachments as: .zip

Change History (5)

#1 @johnjamesjacoby
10 years ago

In 5558:

Improve form field output sanitization when posting theme-side forum/topic/reply content. Thanks planetzuda. See #2719.

#2 @johnjamesjacoby
10 years ago

In 5559:

Update to newer slashing functions, as our minimum requirement is WordPress 3.6.

Also add filters to topic-title & topic-tags form fields. See #2719.

#3 @netweb
10 years ago

  • Owner set to johnjamesjacoby

What else is left to do here?

#4 @johnjamesjacoby
10 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I don't think anything. Thanks for the nudge.

Note: See TracTickets for help on using tickets.