Check your install for unfiltered_html

Posted by Andrea under known issues

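Just before the last release, the check for unfiltered_html snuck back into the code base for MU. unfiltered_html is the capability that lets a user post markup, including scripts, without it being filtered. This means that if you’re running code from any point since then, your users can insert malicious code into your site.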

Please read this forum post from Donncha for more details. You can update wp-admin/includes/schema.php so that new blogs won’t have this; that change does not affect blogs that already exist, so Donncha has provided a plugin to strip it from any blogs that may be using it.

It is very important that you check your codebase for this.

One Response to “Check your install for unfiltered_html”

  1. Andrea Says:

    Il s’agit juste d’un test.

    Esto es sólo una prueba.
