Skip Navigation

This is the technical support forum for WPML - the multilingual WordPress plugin.

Everyone can read, but only WPML clients can post here. WPML team is replying on the forum 6 days per week, 22 hours per day.

Tagged: 

This topic contains 2 replies, has 2 voices.

Last updated by desireeM 7 months, 4 weeks ago.

Assigned support staff: Sumit.

Author Posts
January 26, 2021 at 8:33 pm #7935737

desireeM

Our error logs are filled with these errors, as there are bots trying out to XSS the sites.

the issue happens e.g. when requesting an url like:
hidden link">

The issue is in absolute-links.class.php in AbsoluteLinks::_process_generic_text function, specifically:
$text = preg_replace( array_keys( $def_url ), array_values( $def_url ), $text );

I don't have the debug info available, but it's irrelevant since I already provided you with the exact line where the error happens in your code & how you can reproduce it.

January 27, 2021 at 2:40 pm #7942251

Sumit
Supporter

Languages: English (English )

Timezone: Asia/Kolkata (GMT+05:30)

Hi,

Thank you for contacting the support forum.

I tried the steps but I can not reproduce the issue. Adding ?lang="> does nothing and loads the page completely.
If you can not provide the debug info then can you please reproduce the issue in our sandbox site hidden link ?
This will help a lot.

Thanks

January 28, 2021 at 9:44 pm #7956679

desireeM

Ah nvm, issue was solved in the newest versions