Author: Darshit Ashara
Date: 21/08/2011
Vendor: Wordpress
Version: 3.2.1
Insufficient output escaping in WordPress core (post-template.php): the title helpers the_title() and get_the_title() hand the stored post title to the page without HTML-escaping it, so a crafted title leads to stored cross-site scripting wherever the title is rendered. Caveat for readers: the advisory does not say which user role saved the malicious title; WordPress normally runs kses filtering on content saved by users who lack the unfiltered_html capability, so whether a low-privilege author can plant such a title should be confirmed before treating this as a privilege boundary break.
Proof of concept: simply save a post whose title is the following payload:
</A> <script> alert ('1'); </script> <a>
</A> <script> alert ('1'); </script> <a>
The script then executes wherever the title is rendered: on the index (post listing) page and on the single-post page.
The issue has been reported to the WordPress developers.
The following (via www.2cto.com) is a temporary, unofficial workaround consisting of edits to post-template.php. When applying it, escape exactly once and at the output site, using the function that matches the context (HTML body vs. attribute); escaping inside the shared getter get_the_title() would be encoded a second time by its callers.
/* Part 1: the_title(), which prints the title on the index page */
Vulnerable Code Part 1
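/**
 * Display or retrieve the current post title wrapped in optional markup.
 *
 * The stored title is author-controlled data, so it is HTML-escaped here,
 * at the output point. Only $title is escaped: $before and $after are
 * caller-supplied wrapper markup (for example '<h2>' and '</h2>') and must
 * pass through untouched. Escaping the concatenated string, as the page's
 * original patch did, would render that wrapper markup as literal text.
 *
 * @param string $before Markup to prepend to the title. Not escaped.
 * @param string $after  Markup to append to the title. Not escaped.
 * @param bool   $echo   Print the result when true, return it when false.
 * @return string|null The wrapped, escaped title when $echo is false;
 *                     null when echoing or when the title is empty.
 */
function the_title($before = '', $after = '', $echo = true) {
    $title = get_the_title();

    // Nothing to print or return for an empty title (strlen is byte-wise,
    // which is fine for an emptiness check).
    if (strlen($title) === 0) {
        return;
    }

    // ENT_QUOTES covers both quote styles so the value is also safe if a
    // theme drops it into a quoted attribute; 'UTF-8' is assumed to be the
    // blog charset (TODO: confirm against the site's configured charset);
    // double_encode=false keeps a title that is already entity-encoded
    // (for example by a 'the_title' filter) from being encoded twice.
    // In WordPress terms this is the HTML-body escape that esc_html() does.
    $escaped = htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);
    $title = $before . $escaped . $after;

    if ($echo) {
        echo $title;
    } else {
        return $title;
    }
}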
Vulnerable Code Part 2
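/**
 * Display or retrieve the current post title escaped for use inside an
 * HTML attribute value.
 *
 * Markup is stripped and the result is attribute-escaped exactly once via
 * esc_attr(). The extra htmlentities() pass from the page's original patch
 * is dropped: esc_attr() already encodes &, <, >, " and ', so a second pass
 * would double-encode (e.g. "&amp;amp;").
 *
 * @param string|array $args Optional. 'before' and 'after' strings placed
 *                           around the title, and 'echo' (bool, default
 *                           true) selecting print vs. return.
 * @return string|null The escaped title when 'echo' is false; null when
 *                     echoing or when the title is empty.
 */
function the_title_attribute($args = '') {
    $title = get_the_title();

    if (strlen($title) === 0) {
        return;
    }

    $defaults = array('before' => '', 'after' => '', 'echo' => true);
    $r = wp_parse_args($args, $defaults);

    // Read the three options explicitly rather than extract()ing the array
    // into the local scope: no untrusted keys become variables, and the
    // EXTR_SKIP semantics (never clobbering $title) are preserved.
    $before = $r['before'];
    $after  = $r['after'];
    $echo   = $r['echo'];

    // Attribute context: tags are meaningless here, so strip them, then
    // escape once for the attribute.
    $title = esc_attr(strip_tags($before . $title . $after));

    if ($echo) {
        echo $title;
    } else {
        return $title;
    }
}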
/* Part 3: get_the_title(), the shared getter used by both output helpers above */
Vulnerable Code Part 3
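/**
 * Retrieve the title of a post, prefixed with the "Protected:" or
 * "Private:" format outside the admin area, after the 'the_title' filter.
 *
 * This is a getter consumed in many contexts (HTML body, attribute values,
 * feeds, plain text), so it deliberately returns the title unescaped; the
 * caller escapes for its own output context (the_title() for HTML body,
 * the_title_attribute() for attributes). Encoding here with htmlentities(),
 * as the page's original patch did, would be re-encoded by those callers
 * and would also defeat the strip_tags() in the_title_attribute(), since
 * encoded tags are no longer tags.
 *
 * @param int|object $id Post ID or post object; 0 means the current post.
 * @return string The filtered title, or '' when the post has no title.
 */
function get_the_title($id = 0) {
    // Plain assignment: the post is only read here, and "= &get_post()"
    // raises an "only variables should be assigned by reference" notice
    // whenever get_post() does not return by reference.
    $post = get_post($id);

    // isset() on a property of null is false without a warning, so a
    // missing post yields '' rather than an error.
    $title = isset($post->post_title) ? $post->post_title : '';
    $id    = isset($post->ID) ? $post->ID : (int) $id;

    if (!is_admin()) {
        if (!empty($post->post_password)) {
            $protected_title_format = apply_filters('protected_title_format', __('Protected: %s'));
            $title = sprintf($protected_title_format, $title);
        } elseif (isset($post->post_status) && 'private' === $post->post_status) {
            $private_title_format = apply_filters('private_title_format', __('Private: %s'));
            $title = sprintf($private_title_format, $title);
        }
    }

    // Filtered but NOT escaped -- see the docblock.
    return apply_filters('the_title', $title, $id);
}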
/* Part 1: the_title(), which prints the title on the index page */
Vulnerable Code Part 1
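/**
 * Display or retrieve the current post title wrapped in optional markup.
 *
 * The stored title is author-controlled data, so it is HTML-escaped here,
 * at the output point. Only $title is escaped: $before and $after are
 * caller-supplied wrapper markup (for example '<h2>' and '</h2>') and must
 * pass through untouched. Escaping the concatenated string, as the page's
 * original patch did, would render that wrapper markup as literal text.
 *
 * @param string $before Markup to prepend to the title. Not escaped.
 * @param string $after  Markup to append to the title. Not escaped.
 * @param bool   $echo   Print the result when true, return it when false.
 * @return string|null The wrapped, escaped title when $echo is false;
 *                     null when echoing or when the title is empty.
 */
function the_title($before = '', $after = '', $echo = true) {
    $title = get_the_title();

    // Nothing to print or return for an empty title (strlen is byte-wise,
    // which is fine for an emptiness check).
    if (strlen($title) === 0) {
        return;
    }

    // ENT_QUOTES covers both quote styles so the value is also safe if a
    // theme drops it into a quoted attribute; 'UTF-8' is assumed to be the
    // blog charset (TODO: confirm against the site's configured charset);
    // double_encode=false keeps a title that is already entity-encoded
    // (for example by a 'the_title' filter) from being encoded twice.
    // In WordPress terms this is the HTML-body escape that esc_html() does.
    $escaped = htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);
    $title = $before . $escaped . $after;

    if ($echo) {
        echo $title;
    } else {
        return $title;
    }
}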
Vulnerable Code Part 2
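/**
 * Display or retrieve the current post title escaped for use inside an
 * HTML attribute value.
 *
 * Markup is stripped and the result is attribute-escaped exactly once via
 * esc_attr(). The extra htmlentities() pass from the page's original patch
 * is dropped: esc_attr() already encodes &, <, >, " and ', so a second pass
 * would double-encode (e.g. "&amp;amp;").
 *
 * @param string|array $args Optional. 'before' and 'after' strings placed
 *                           around the title, and 'echo' (bool, default
 *                           true) selecting print vs. return.
 * @return string|null The escaped title when 'echo' is false; null when
 *                     echoing or when the title is empty.
 */
function the_title_attribute($args = '') {
    $title = get_the_title();

    if (strlen($title) === 0) {
        return;
    }

    $defaults = array('before' => '', 'after' => '', 'echo' => true);
    $r = wp_parse_args($args, $defaults);

    // Read the three options explicitly rather than extract()ing the array
    // into the local scope: no untrusted keys become variables, and the
    // EXTR_SKIP semantics (never clobbering $title) are preserved.
    $before = $r['before'];
    $after  = $r['after'];
    $echo   = $r['echo'];

    // Attribute context: tags are meaningless here, so strip them, then
    // escape once for the attribute.
    $title = esc_attr(strip_tags($before . $title . $after));

    if ($echo) {
        echo $title;
    } else {
        return $title;
    }
}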
/* Part 3: get_the_title(), the shared getter used by both output helpers above */
Vulnerable Code Part 3
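/**
 * Retrieve the title of a post, prefixed with the "Protected:" or
 * "Private:" format outside the admin area, after the 'the_title' filter.
 *
 * This is a getter consumed in many contexts (HTML body, attribute values,
 * feeds, plain text), so it deliberately returns the title unescaped; the
 * caller escapes for its own output context (the_title() for HTML body,
 * the_title_attribute() for attributes). Encoding here with htmlentities(),
 * as the page's original patch did, would be re-encoded by those callers
 * and would also defeat the strip_tags() in the_title_attribute(), since
 * encoded tags are no longer tags.
 *
 * @param int|object $id Post ID or post object; 0 means the current post.
 * @return string The filtered title, or '' when the post has no title.
 */
function get_the_title($id = 0) {
    // Plain assignment: the post is only read here, and "= &get_post()"
    // raises an "only variables should be assigned by reference" notice
    // whenever get_post() does not return by reference.
    $post = get_post($id);

    // isset() on a property of null is false without a warning, so a
    // missing post yields '' rather than an error.
    $title = isset($post->post_title) ? $post->post_title : '';
    $id    = isset($post->ID) ? $post->ID : (int) $id;

    if (!is_admin()) {
        if (!empty($post->post_password)) {
            $protected_title_format = apply_filters('protected_title_format', __('Protected: %s'));
            $title = sprintf($protected_title_format, $title);
        } elseif (isset($post->post_status) && 'private' === $post->post_status) {
            $private_title_format = apply_filters('private_title_format', __('Private: %s'));
            $title = sprintf($private_title_format, $title);
        }
    }

    // Filtered but NOT escaped -- see the docblock.
    return apply_filters('the_title', $title, $id);
}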
Source: fallen leaves's Blog