@hannob
Created April 27, 2015 14:52
WordPress 4.2 XSS emergency fix
--- wordpress/wp-comments-post.php 2015-01-08 08:05:25.000000000 +0100
+++ htdocs/wp-comments-post.php 2015-04-27 16:50:24.250000000 +0200
@@ -12,6 +12,12 @@
exit;
}
+$psize=0;
+foreach($_POST as $p) {
+ $psize += strlen($p);
+}
+if ($psize > 50000) die("Comment too large");
+
/** Sets up the WordPress Environment. */
require( dirname(__FILE__) . '/wp-load.php' );
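Review bot: `strlen($p)` inside the `foreach` assumes every `$_POST` value is a string. A field submitted as `name[]=...` arrives as an array, so `strlen()` does not count its contents (and raises a warning or a type error, depending on the PHP version), which lets data in such fields escape the 50000 limit. Consider summing lengths recursively, or rejecting non-string values outright. Two smaller points: `die("Comment too large")` answers with the default 200 status, so sending a 413 before exiting would make rejections visible in access logs, and the `50000` threshold deserves a comment saying which downstream limit it is meant to stay below.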

hannob commented Apr 27, 2015

This patch is obsolete now, please use the official upstream fix in WordPress 4.2.1:
https://wordpress.org/news/2015/04/wordpress-4-2-1/

@GuillaumeLeclerc the problem is a bit tricky. The filter is applied, but the data is truncated later. And browsers do trickery to try to interpret invalid code, which in this case leads to the truncation creating JavaScript the browser can interpret.
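The ordering problem described in the comment above, as an added example that is not part of the gist or of WordPress: a language-neutral Python model in which markup is checked first and silently truncated afterwards, next to a variant that rejects oversized input the way the patch does. The 64-byte `COLUMN_LIMIT`, the function names and the sample comment are assumptions constructed for the illustration.

```python
COLUMN_LIMIT = 64  # constructed stand-in for the storage byte limit (assumption)


def ends_outside_markup(html: str) -> bool:
    """True if the text does not end inside a tag or a quoted attribute value.

    Deliberately simple scanner: every '<' is treated as the start of a tag.
    """
    in_tag, quote = False, None
    for ch in html:
        if quote:
            if ch == quote:
                quote = None
        elif in_tag:
            if ch in "\"'":
                quote = ch
            elif ch == ">":
                in_tag = False
        elif ch == "<":
            in_tag = True
    return not in_tag and quote is None


def silently_truncate(text: str, limit: int = COLUMN_LIMIT) -> str:
    """Model of a storage layer that cuts oversized values instead of failing."""
    return text.encode("utf-8")[:limit].decode("utf-8", errors="ignore")


def store_unsafe(comment: str) -> str:
    """Check first, truncate later: the stored value is never checked."""
    if not ends_outside_markup(comment):
        raise ValueError("malformed markup")
    return silently_truncate(comment)


def store_safe(comment: str) -> str:
    """Reject anything storage would alter, so the stored value is the checked one."""
    if len(comment.encode("utf-8")) > COLUMN_LIMIT:
        raise ValueError("comment too large")
    if not ends_outside_markup(comment):
        raise ValueError("malformed markup")
    return comment


# Constructed sample: well-formed markup that is longer than the limit.
SAMPLE = '<a href="https://example.org/" title="' + "x" * 80 + '">link</a>'
```

`store_unsafe(SAMPLE)` returns text that ends inside the `title` attribute even though the submitted comment passed the check, which is the state the browser is then left to interpret; `store_safe` refuses the same input.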
