* Kai Hendry:

> On 2005-10-26T00:40-0700 Matt Mullenweg wrote:
>> >I need a Wordpress release with the updated Snoopy version 1.2.1. ASAP.
>> Could you confirm this affects WP? We use an older version of Snoopy 
>> that has been modified, and the only calls to it are hard-coded RSS 
>> feeds, so I don't think this would actually be exploitable.
>
> I don't have time to check this out. The exploit seems to require snoopy
> to be subclassed by something and then a direct argument fed to it.

I'm not sure if this is true in general, but since offsiteok is not
set, this seems to be correct in the Wordpress case.  Since the only
strings which are given to Snoopy start with "http://", Wordpress
should be on the safe side.

