Download
2015-03-27, 06:19:10
I entered a simple script into the header
<script type-"text/javascript" src="<?php get_site_url(); ?>/data/uploads/myScript.js"></script>
And a simpler one in the footer:
<?php get_site_url(); ?>
(to verify the actual path)
After saving, the admin page hangs.
In fact, if I look at the data/other/header-footer.xml file, the previous version (with js syntax errors) is still there.
Fixing the xml file doesn't help.
The file seems to use weird codes for the LFs. I am on a Mac, so no CRLFs.
Also, all the "<" and ">" tag brackets have been changed to "<" and ">" resp., except for those of the initial XML (item, header, footer).
What could be wrong?
Is the header-footer plugin robust against js syntax errors?
Otherwise that could also present a vulnerability.
<script type-"text/javascript" src="<?php get_site_url(); ?>/data/uploads/myScript.js"></script>
And a simpler one in the footer:
<?php get_site_url(); ?>
(to verify the actual path)
After saving, the admin page hangs.
In fact, if I look at the data/other/header-footer.xml file, the previous version (with js syntax errors) is still there.
Fixing the xml file doesn't help.
The file seems to use weird codes for the LFs. I am on a Mac, so no CRLFs.
Also, all the "<" and ">" tag brackets have been changed to "<" and ">" resp., except for those of the initial XML (item, header, footer).
What could be wrong?
Is the header-footer plugin robust against js syntax errors?
Otherwise that could also present a vulnerability.
