An XSS worm attacks WordPress

It did not take long after the release of WordPress 2.2.1 for security holes to be discovered, as mybeNi websecurity demonstrates. The text is well worth reading even though the demonstration uses a “well-meaning” XSS worm that is only meant to point out the holes; do not fool yourself, though, reading material like this is not consumed only by “well-meaning” webmasters. The holes have of course already been filed in WP Trac, and an update is certainly to be expected. Webmasters with the will and the knowledge can also “patch” these holes by hand (if they are running the new WordPress version). German blogger Bueltge provides a fix for closing these security holes in WordPress 2.2.1. You can close the holes as follows:

wp-admin/upload-functions.php line 109
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id"; ?>">
change to:
<form<?php echo $enctype; ?> id="upload-file" method="post" action="<?php echo get_option('siteurl') . "/wp-admin/upload.php?style=" . attribute_escape($style) . "&amp;tab=upload&amp;post_id=" . attribute_escape($post_id); ?>">
wp-includes/functions.php, change line 206 to:
function get_option($setting) {
    global $wpdb;
    $setting = $wpdb->escape($setting); // escape the option name before it reaches the query
    // Allow plugins to short-circuit options.
    $pre = apply_filters( 'pre_option_' . $setting, false );
wp-includes/functions.php, change line 386 to:
function delete_option($name) {
    global $wpdb;
    $name = $wpdb->escape($name); // escape the option name before it reaches the query
    wp_protect_special_option($name);
wp-admin/link-import.php line 76
$cat_id = $_POST['cat_id'];
if ( $cat_id == '' || $cat_id == 0 )
change to:
$cat_id = (int) $_POST['cat_id']; // cast to int, so non-numeric input becomes 0
if ( $cat_id < 1 )
wp-admin/edit-comments.php line 78
if ( isset( $_GET['apage'] ) )
change to:
if ( isset( $_GET['apage'] ) ) {
    $page = (int) $_GET['apage']; // cast to int and clamp to a sane minimum
    if ( $page < 1 )
        $page = 1;
}
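The two patterns the patch above relies on, escaping values before echoing them into an HTML attribute and casting numeric request parameters to int, can be tried outside WordPress. The following stand-alone PHP script is an added example, not part of the original post or of Bueltge's patch. It assumes no WordPress is present, so attribute_escape() from the patch is stood in for by htmlspecialchars() with ENT_QUOTES (the same conversion attribute_escape(), later renamed esc_attr(), performs), and the request values are constructed sample data rather than a real $_GET/$_POST. The get_option()/delete_option() hunks escape an option name for a database query and are not covered here.

```php
<?php
// Added example (not from the original post or from Bueltge's patch).
// Demonstrates: (1) attribute-context escaping of values placed in an
// HTML attribute, (2) integer casting plus range checks for numeric ids.
// Stand-alone: no WordPress; attribute_escape() is replaced by
// htmlspecialchars(..., ENT_QUOTES), the conversion it performs at its core.

// Constructed sample request standing in for $_GET / $_POST.
$request = [
    'style'   => 'inline" onload="x',   // value that tries to close the attribute
    'post_id' => '42',
    'cat_id'  => 'abc',                  // non-numeric category id
    'apage'   => '-5',                   // out-of-range page number
];

// Local stand-in for WordPress's attribute_escape() / esc_attr().
function attribute_escape_local($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Before the patch: values are interpolated straight into the action URL.
function upload_action_before($style, $post_id) {
    return "/wp-admin/upload.php?style=$style&amp;tab=upload&amp;post_id=$post_id";
}

// After the patch: every value is escaped for the attribute context.
function upload_action_after($style, $post_id) {
    return '/wp-admin/upload.php?style=' . attribute_escape_local($style)
         . '&amp;tab=upload&amp;post_id=' . attribute_escape_local($post_id);
}

// link-import.php pattern: cast, then reject anything below 1.
// Returns null when no valid category id was supplied.
function category_id($raw) {
    $cat_id = (int) $raw;      // 'abc' -> 0, '7' -> 7
    return $cat_id < 1 ? null : $cat_id;
}

// edit-comments.php pattern: cast, then clamp to a minimum of 1.
function page_number($raw) {
    $page = (int) $raw;        // '-5' -> -5
    return $page < 1 ? 1 : $page;
}

echo 'before: <form action="' . upload_action_before($request['style'], $request['post_id']) . "\">\n";
echo 'after:  <form action="' . upload_action_after($request['style'], $request['post_id']) . "\">\n";
var_dump(category_id($request['cat_id']));  // NULL
var_dump(page_number($request['apage']));   // int(1)
```

In the "before" line the double quote inside the style value terminates the action attribute and everything after it is parsed as a new attribute; in the "after" line the same value arrives as `inline&quot; onload=&quot;x`, which stays inside the attribute. The two integer helpers show why the patch casts first and compares second: a string like `abc` becomes 0 and is rejected, and a negative page number is clamped rather than passed on to the query.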