Wp 6.7.1 #2223

Open · wants to merge 3 commits into base: main

Latest commit: removed debugging files (d608943)
GitHub Advanced Security / CodeQL succeeded Jan 8, 2025 in 6s

15 new alerts including 15 medium severity security vulnerabilities

New alerts in code changed by this pull request

Security Alerts:

  • 15 medium

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

Annotations

Check warning on line 204 in wp/wp-admin/js/edit-comments.js
Code scanning / CodeQL: DOM text reinterpreted as HTML (Medium)
DOM text is reinterpreted as HTML without escaping meta-characters.

Check warning on line 433 in wp/wp-admin/js/edit-comments.js
Code scanning / CodeQL: DOM text reinterpreted as HTML (Medium)
DOM text is reinterpreted as HTML without escaping meta-characters.

Check warning on line 436 in wp/wp-admin/js/edit-comments.js
Code scanning / CodeQL: DOM text reinterpreted as HTML (Medium)
DOM text is reinterpreted as HTML without escaping meta-characters.

Check warning on line 443 in wp/wp-admin/js/edit-comments.js
Code scanning / CodeQL: DOM text reinterpreted as HTML (Medium)
DOM text is reinterpreted as HTML without escaping meta-characters.

Check failure on line 1186 in wp/wp-admin/js/edit-comments.js
Code scanning / CodeQL: Incomplete multi-character sanitization (High)
This string may still contain <script, which may cause an HTML element injection vulnerability.

Check failure on line 346 in wp/wp-admin/js/editor.js
Code scanning / CodeQL: Useless regular-expression character escape (High)
The escape sequence '\s' is equivalent to just 's', so the sequence is not a character class when it is used in a regular expression.

Check failure on line 346 in wp/wp-admin/js/editor.js
Code scanning / CodeQL: Useless regular-expression character escape (High)
The escape sequence '\s' is equivalent to just 's', so the sequence is not a character class when it is used in a regular expression.
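The two editor.js alerts above both describe the same pitfall: a backslash escape written inside an ordinary JavaScript string literal is consumed by the string parser before RegExp ever sees it, so '\s' arrives as a plain 's'. The following is an added, constructed illustration of that alert class (it is not code from this pull request or from WordPress); the pattern sources and inputs are made up for the demonstration.

```javascript
// Added illustration of the "Useless regular-expression character escape"
// alert class. Constructed example, not WordPress code.

// In a string literal the unknown escape '\s' collapses to the letter 's',
// so RegExp receives the four characters ^s+$ and never sees a class.
const brokenSource = '^\s+$';
// Doubling the backslash (or using String.raw) gets a real backslash through.
const fixedSource = '^\\s+$';
const rawSource = String.raw`^\s+$`;

// Build the three patterns exactly as code that assembles regexes from
// strings would; RegExp only sees a backslash where the string has one.
function buildPatterns() {
  return {
    broken: new RegExp(brokenSource),
    fixed: new RegExp(fixedSource),
    raw: new RegExp(rawSource),
  };
}

// Report what each pattern does with one input.
function compare(input) {
  const p = buildPatterns();
  return {
    brokenMatches: p.broken.test(input),
    fixedMatches: p.fixed.test(input),
    rawMatches: p.raw.test(input),
  };
}

// Cheap guard for code that builds patterns from strings: the source handed
// to RegExp should still contain the backslash the author typed.
function sourceKeepsBackslash(src) {
  return src.includes('\\s');
}

console.log("'\\s' literal length:", '\s'.length, '(it became the single letter s)');
console.log('whitespace-only input:', compare('   ')); // broken rejects it
console.log('"sss" input:', compare('sss'));           // broken accepts it
console.log('brokenSource keeps backslash:', sourceKeepsBackslash(brokenSource));
```

The broken pattern silently inverts the intent: whitespace-only input fails, while a run of the letter s matches. Regex-literal syntax (/^\s+$/) avoids the problem entirely, because the literal is parsed as a pattern, not as a string.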

Check warning on line 220 in wp/wp-admin/js/inline-edit-post.js
Code scanning / CodeQL: DOM text reinterpreted as HTML (Medium)
DOM text is reinterpreted as HTML without escaping meta-characters.

Check failure on line 515 in wp/wp-admin/js/inline-edit-post.js
Code scanning / CodeQL: Incomplete multi-character sanitization (High)
This string may still contain <script, which may cause an HTML element injection vulnerability.

Check warning on line 1023 in wp/wp-admin/js/nav-menu.js
Code scanning / CodeQL: DOM text reinterpreted as HTML (Medium; reported three times for this line)
DOM text is reinterpreted as HTML without escaping meta-characters.

Check warning on line 1426 in wp/wp-admin/js/nav-menu.js
Code scanning / CodeQL: DOM text reinterpreted as HTML (Medium; reported twice for this line)
DOM text is reinterpreted as HTML without escaping meta-characters.

Check failure on line 2375 in wp/wp-admin/js/updates.js
Code scanning / CodeQL: Incomplete multi-character sanitization (High)
This string may still contain <script, which may cause an HTML element injection vulnerability.

Check failure on line 385 in wp/wp-admin/js/user-profile.js
Code scanning / CodeQL: Incomplete multi-character sanitization (High)
This string may still contain <script, which may cause an HTML element injection vulnerability.

Check warning on line 433 in wp/wp-admin/js/user-profile.js
Code scanning / CodeQL: DOM text reinterpreted as HTML (Medium)
DOM text is reinterpreted as HTML without escaping meta-characters.
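The "DOM text reinterpreted as HTML" warnings above (edit-comments.js, inline-edit-post.js, nav-menu.js and user-profile.js) all describe one flow: text read out of the DOM with textContent, .text() or .val() is concatenated into a string that is later assigned to innerHTML or passed to jQuery's .html(), so characters that were inert as text become markup. The block below is an added, constructed illustration of that flow and its fix; it is not code from this pull request or from WordPress. It runs under Node without a DOM, so the "DOM text" is a constructed string standing in for what element.textContent would return, and renderNoticeUnsafe/renderNoticeSafe are hypothetical helpers.

```javascript
// Added illustration of the "DOM text reinterpreted as HTML" alert class.
// Constructed example, not WordPress code.

// Escaper for the HTML meta-characters that matter in text content and in
// double-quoted attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// What the alert describes: DOM text concatenated straight into markup that
// will be assigned to innerHTML (or handed to jQuery .html()).
function renderNoticeUnsafe(domText) {
  return '<p class="notice">' + domText + '</p>';
}

// The fix when markup must be built as a string: escape at the point where
// the text is reinterpreted, not where it was read.
function renderNoticeSafe(domText) {
  return '<p class="notice">' + escapeHtml(domText) + '</p>';
}

// Small check used by the demonstration: does the output contain a start tag
// we did not write ourselves? (A review would use a real parser; this is
// enough to show the difference between the two renderers.)
function introducesTag(html, tagName) {
  return new RegExp('<' + tagName + '\\b', 'i').test(html);
}

// Constructed stand-in for element.textContent of an attacker-controlled node,
// e.g. a comment author name that displays harmlessly as text.
const hostileText = '<img src=x onerror="alert(document.cookie)">';

console.log('unsafe:', renderNoticeUnsafe(hostileText));
console.log('safe:  ', renderNoticeSafe(hostileText));
console.log('unsafe introduces <img>:', introducesTag(renderNoticeUnsafe(hostileText), 'img'));
console.log('safe introduces <img>:  ', introducesTag(renderNoticeSafe(hostileText), 'img'));
```

In browser code the simpler remedy is usually to avoid string-built markup altogether: create the element, then set textContent (or use jQuery .text()) for the dynamic part, so there is no reinterpretation step to escape for.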

Check failure on line 34645 in wp/wp-includes/js/dist/block-editor.js
Code scanning / CodeQL: Incomplete string escaping or encoding (High)
This replaces only the first occurrence of '}'.

Check failure on line 16898 in wp/wp-includes/js/dist/block-library.js
Code scanning / CodeQL: Incomplete regular expression for hostnames (High)
This regular expression has an unrestricted wildcard '.+' which may cause 'imgur\.com' to be matched anywhere in the URL, outside the hostname.

Check failure on line 16990 in wp/wp-includes/js/dist/block-library.js
Code scanning / CodeQL: Incomplete regular expression for hostnames (High)
This regular expression has an unrestricted wildcard '.+' which may cause 'smugmug\.com' to be matched anywhere in the URL, outside the hostname.

Check failure on line 17033 in wp/wp-includes/js/dist/block-library.js
Code scanning / CodeQL: Incomplete regular expression for hostnames (High)
This regular expression has an unrestricted wildcard '.+' which may cause 'tumblr\.com' to be matched anywhere in the URL, outside the hostname.
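The three block-library.js alerts above share one cause: a '.+' wildcard placed before the provider domain lets the domain literal match in the path or query string rather than in the host. The block below is an added, constructed illustration of that alert class and of the parse-then-compare fix; it is not code from this pull request or from WordPress, and loosePattern is a pattern of the shape the alert describes, not the exact WordPress regex. The allow-list of hosts and the sample URLs are constructed for the demonstration.

```javascript
// Added illustration of the "Incomplete regular expression for hostnames"
// alert class. Constructed example, not the block-library code.

// Loose shape: '(.+\.)?' in front of the domain can swallow the real host,
// so 'imgur.com/' is accepted wherever it appears after a dot.
const loosePattern = /^https?:\/\/(.+\.)?imgur\.com\/.+/i;

function isImgurLoose(url) {
  return loosePattern.test(url);
}

// Fix: parse the URL the way the browser will, then compare the hostname
// against an allow-list, accepting the domain itself and its subdomains only.
const allowedHosts = ['imgur.com', 'smugmug.com', 'tumblr.com'];

function hostMatches(hostname, allowed) {
  const h = hostname.toLowerCase();
  const a = allowed.toLowerCase();
  return h === a || h.endsWith('.' + a);
}

function isAllowedProvider(url) {
  let parsed;
  try {
    parsed = new URL(url); // absolute URLs only; anything unparsable is rejected
  } catch {
    return false;
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return false;
  return allowedHosts.some((h) => hostMatches(parsed.hostname, h));
}

function classify(url) {
  return { url, loose: isImgurLoose(url), strict: isAllowedProvider(url) };
}

// Constructed probes: two genuine provider URLs, two path/query bypasses of
// the loose pattern, and two look-alike hosts both checks should reject.
const samples = [
  'https://imgur.com/gallery/abc',
  'https://i.imgur.com/abc.png',
  'https://evil.example/foo.imgur.com/x',
  'https://evil.example/?ref=x.imgur.com/abc',
  'https://imgur.com.evil.example/abc',
  'https://notimgur.com/abc',
];

console.table(samples.map(classify));
```

The difference shows up on the third and fourth probes: the regex reports a match because 'imgur.com/' occurs after a dot, even though the request would go to evil.example. Comparing the parsed hostname against an explicit list also handles case and the "dot before the domain" requirement without a hand-written regex, which is where suffix mistakes like notimgur.com tend to creep in.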

Check failure on line 5708 in wp/wp-includes/js/dist/blocks.js
Code scanning / CodeQL: Incomplete string escaping or encoding (High)
This does not escape backslash characters in the input.

Check failure on line 32662 in wp/wp-includes/js/dist/components.js
Code scanning / CodeQL: Incomplete string escaping or encoding (High)
This replaces only the first occurrence of /['\u2019]/.

Check failure on line 1092 in wp/wp-includes/js/dist/format-library.js
Code scanning / CodeQL: Incomplete multi-character sanitization (High)
This string may still contain <script, which may cause an HTML element injection vulnerability.

Check failure on line 97 in wp/wp-includes/js/tinymce/plugins/wplink/plugin.js
Code scanning / CodeQL: Inefficient regular expression (High)
This part of the regular expression may cause exponential backtracking on strings starting with 'http://!' and containing many repetitions of '!'.
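The alert above is a regular-expression denial-of-service finding: a sub-pattern with a quantifier nested inside another quantifier forces the engine to try every way of splitting a run of repeated characters before it can conclude that the overall match fails. The block below is an added, constructed illustration of that alert class; it is not the wplink plugin's pattern or any code from this pull request. The vulnerable and safe patterns are constructed to have the shape the alert describes (an input beginning with 'http://!' followed by many '!' characters), and the sizes in demo() are kept small on purpose.

```javascript
// Added illustration of the "Inefficient regular expression" (ReDoS) alert
// class. Constructed example, not WordPress or TinyMCE code.

// Vulnerable shape: (\S+)+ can split a run of n '!' characters into groups in
// about 2^(n-1) ways, and every split is retried when the final '$' fails.
const vulnerable = /^https?:\/\/(\S+)+$/;

// Same language, no nested quantifier: one run of non-space characters.
const safe = /^https?:\/\/\S+$/;

function looksLikeUrl(re, s) {
  return re.test(s);
}

// Input of the kind the alert describes: 'http://' then many '!', ending in
// a character that defeats the '$' anchor so the match must fail.
function badInput(n) {
  return 'http://' + '!'.repeat(n) + ' ';
}

// Time a single test; returns { result, ms }.
function timed(re, s) {
  const t0 = performance.now();
  const result = re.test(s);
  return { result, ms: performance.now() - t0 };
}

// Show the growth on the vulnerable pattern for modest n (every extra '!'
// roughly doubles the work) next to the flat cost of the rewrite. Keep n
// small: the constructed pattern is genuinely exponential.
function demo(sizes = [14, 16, 18, 20]) {
  return sizes.map((n) => {
    const v = timed(vulnerable, badInput(n));
    const s = timed(safe, badInput(n));
    return {
      n,
      vulnerableResult: v.result,
      vulnerableMs: Number(v.ms.toFixed(2)),
      safeResult: s.result,
      safeMs: Number(s.ms.toFixed(2)),
    };
  });
}

console.table(demo());
```

Both patterns accept and reject the same strings; only the work done on a failing input differs. When the nested repetition cannot be removed, bounding the repeat count or matching the URL with a parser such as the URL constructor removes the backtracking entirely.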

Check failure on line 258 in wp/wp-includes/js/tinymce/plugins/wplink/plugin.js
Code scanning / CodeQL: Incomplete URL scheme check (High)
This check does not consider vbscript:.
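The alert above flags a deny-list scheme check: code that tests an href for 'javascript:' alone misses other script-capable schemes such as vbscript: (and data: in some contexts), and is easily defeated by case or whitespace variants that the browser normalises away. The block below is an added, constructed illustration of that alert class and of the allow-list alternative; it is not the wplink code or any code from this pull request. The helper names, the allowed-scheme set and the probe strings are constructed for the demonstration.

```javascript
// Added illustration of the "Incomplete URL scheme check" alert class.
// Constructed example, not WordPress or TinyMCE code.

// What the rule flags: one scheme is tested and everything else passes.
function isSafeHrefDenyList(href) {
  return !/^javascript:/.test(href);
}

// Fix: resolve the value the way the browser will, then allow known schemes.
const allowedSchemes = new Set(['http:', 'https:', 'mailto:', 'tel:']);

function isSafeHrefAllowList(href) {
  let url;
  try {
    // The base only matters for relative links, which resolve to https: here.
    url = new URL(href, 'https://example.invalid/');
  } catch {
    return false; // unparsable: reject rather than guess
  }
  return allowedSchemes.has(url.protocol);
}

function probe(href) {
  return { href, denyList: isSafeHrefDenyList(href), allowList: isSafeHrefAllowList(href) };
}

// Constructed probes. The URL parser lower-cases the scheme, strips leading
// and trailing control characters and space, and removes embedded tab and
// newline, as browsers do, so the obfuscated forms normalise to the same
// protocol that the deny-list regex never sees.
const probes = [
  'https://example.org/page',
  '/relative/path',
  'javascript:alert(1)',
  'JaVaScRiPt:alert(1)',
  '\tjavascript:alert(1)',
  'java\nscript:alert(1)',
  'vbscript:MsgBox(1)',
  'data:text/html,<script>alert(1)</script>',
];

console.table(probes.map(probe));
```

The deny list rejects only the third probe; the allow list rejects every scheme it was not told about, including the vbscript: case named in the alert, and it needs no updating when the next scripting scheme turns up.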

Check failure on line 336 in wp/wp-includes/js/tinymce/plugins/wplink/plugin.js
Code scanning / CodeQL: Incomplete multi-character sanitization (High)
This string may still contain <script, which may cause an HTML element injection vulnerability.
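The "Incomplete multi-character sanitization" alerts above (edit-comments.js, inline-edit-post.js, updates.js, user-profile.js, format-library.js and wplink/plugin.js) all carry the same message: a single pass that deletes the substring '<script' cannot promise the result is free of it, because removing one copy can splice the surrounding characters into a new one. The block below is an added, constructed illustration of that alert class; it is not code from this pull request or from WordPress, and the payloads are constructed.

```javascript
// Added illustration of the "Incomplete multi-character sanitization" alert
// class. Constructed example, not WordPress or TinyMCE code.

// What the rule flags: one global replace of a multi-character token.
function stripScriptOnce(s) {
  return s.replace(/<script/gi, '');
}

// Repair that keeps the deny-list approach: repeat until nothing changes,
// so the stated invariant ("no '<script' remains") actually holds.
function stripScriptFixpoint(s) {
  let prev;
  do {
    prev = s;
    s = s.replace(/<script/gi, '');
  } while (s !== prev);
  return s;
}

function containsScriptTag(s) {
  return /<script/i.test(s);
}

// Constructed payloads: deleting the inner '<script' joins the halves around
// it into a fresh '<script'; the second one needs three passes.
const spliced = '<scr<scriptipt>alert(1)</script>';
const doubleSpliced = '<scr<scr<scriptiptipt>';

function report(payload) {
  const once = stripScriptOnce(payload);
  const fixed = stripScriptFixpoint(payload);
  return {
    payload,
    once,
    onceStillHasTag: containsScriptTag(once),
    fixpoint: fixed,
    fixpointStillHasTag: containsScriptTag(fixed),
  };
}

console.log(report(spliced));
console.log(report(doubleSpliced));
```

The fixed-point loop only makes the deletion honest; it still leaves every other tag and attribute in place. When the value is meant to be shown as text, encoding the meta-characters for the destination context is the robust remedy, because no token can survive it regardless of how the input was assembled.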

Check failure on line 3 in wp/wp-includes/js/tinymce/wp-tinymce.js
Code scanning / CodeQL: Incomplete string escaping or encoding (High)
This does not escape backslash characters in the input.
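The "Incomplete string escaping or encoding" alerts on this page come in two forms: block-editor.js and components.js are told that replace() touched only the first occurrence of '}' or of /['\u2019]/, while blocks.js and wp-tinymce.js are told that the escaper never escapes the backslash itself. The block below is an added, constructed illustration of both forms and their fixes; it is not code from this pull request, from WordPress or from TinyMCE. The quoting helpers, the toy scanner and the inputs are constructed for the demonstration.

```javascript
// Added illustration of the "Incomplete string escaping or encoding" alert
// class. Constructed example, not WordPress or TinyMCE code.

// (1) Only the first occurrence: replace() with a string pattern, or with a
// RegExp that lacks the g flag, replaces once and leaves the rest untouched.
function escapeBracesFirstOnly(s) {
  return s.replace('}', '\\}');
}
function escapeBracesAll(s) {
  return s.replace(/}/g, '\\}'); // or s.replaceAll('}', '\\}')
}

// (2) Backslash not escaped: quoting for a double-quoted context by escaping
// only the quote. Input that ends in a backslash then escapes the closing
// quote we append, and the string runs on into whatever follows.
function quoteIncomplete(s) {
  return '"' + s.replace(/"/g, '\\"') + '"';
}
// Fix: escape the escape character first, then the delimiter.
function quoteComplete(s) {
  return '"' + s.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Toy consumer that walks a double-quoted string the way a parser would,
// honouring backslash escapes. Returns the index just past the closing quote,
// or -1 if the string never closes.
function scanQuoted(src) {
  if (src[0] !== '"') return -1;
  for (let i = 1; i < src.length; i++) {
    if (src[i] === '\\') { i++; continue; }
    if (src[i] === '"') return i + 1;
  }
  return -1;
}

// Constructed inputs.
const braces = 'a}b}c';
const trailingBackslash = 'dir\\'; // the four characters d i r \

function report() {
  const incomplete = quoteIncomplete(trailingBackslash) + ', "next"';
  const complete = quoteComplete(trailingBackslash) + ', "next"';
  return {
    firstOnly: escapeBracesFirstOnly(braces),
    all: escapeBracesAll(braces),
    incompleteQuoted: incomplete,
    incompleteEndsAt: scanQuoted(incomplete), // runs past the intended end
    completeQuoted: complete,
    completeEndsAt: scanQuoted(complete),     // stops where the quoter meant
  };
}

console.log(report());
```

In the incomplete form the scanner reads the appended closing quote as an escaped character and does not stop until the quote that opens "next", which is exactly the context break an injection needs. Order matters in the fix: escaping the delimiter before the backslash would re-introduce the same problem.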