[wp-trac] [WordPress Trac] #37192: Validate before sanitizing when processing REST Request arguments

WordPress Trac noreply at wordpress.org
Tue Aug 2 15:30:22 UTC 2016


#37192: Validate before sanitizing when processing REST Request arguments
---------------------------------------------+--------------------------
 Reporter:  danielbachhuber                  |       Owner:  rachelbaker
     Type:  defect (bug)                     |      Status:  closed
 Priority:  normal                           |   Milestone:  4.6
Component:  REST API                         |     Version:  4.4
 Severity:  normal                           |  Resolution:  fixed
 Keywords:  has-patch has-unit-tests commit  |     Focuses:
---------------------------------------------+--------------------------

Comment (by schlessera):

 @joehoyle In this case, at least the naming is off.

 Validation is what you do to make sure user input is valid. This includes
 checking accepted type, accepted content and matching context.

 Sanitization is a transformation you do on data to make it safe for
 storing, to prevent stuff like SQL injection.

 Disregarding the naming, though, it should also be obvious that you
 shouldn't have valid data that the user provided become invalid before
 doing the actual validation check.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37192#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
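
The ordering problem described in the comment above, shown as an added example that is not part of the original message and is not WordPress core code. It is plain PHP (7.4 or later); the argument definitions, callbacks, the `process()` helper and the sample inputs are all constructed for illustration.

```php
<?php
// Added illustration in plain PHP; no WordPress functions are used.
// Argument definitions, callbacks and inputs are constructed for this example.
$args = [
    'per_page' => [
        // Validation: accepted type and range of the raw input.
        'validate' => fn($v) => filter_var($v, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 100]]) !== false,
        // Sanitization: coerce to a non-negative integer.
        'sanitize' => fn($v) => abs((int) $v),
    ],
    'title' => [
        // Validation: a string of at most 12 bytes.
        'validate' => fn($v) => is_string($v) && strlen($v) <= 12,
        // Sanitization: escape HTML special characters.
        'sanitize' => fn($v) => htmlspecialchars($v, ENT_QUOTES, 'UTF-8'),
    ],
];

// Run one argument through both callbacks in the chosen order.
function process(array $arg, $raw, bool $validate_first): string
{
    if ($validate_first) {
        if (!$arg['validate']($raw)) {
            return 'rejected';
        }
        return 'accepted as ' . var_export($arg['sanitize']($raw), true);
    }
    // Sanitize first: the validator never sees what the user actually sent.
    $clean = $arg['sanitize']($raw);
    return $arg['validate']($clean)
        ? 'accepted as ' . var_export($clean, true)
        : 'rejected';
}

// Constructed inputs: one valid and two invalid per_page values, one valid title.
$samples = [['per_page', '10'], ['per_page', '-5'], ['per_page', '10abc'], ['title', 'Tom & Jerry']];
foreach ($samples as [$name, $raw]) {
    printf("%-8s %-14s sanitize-first: %-28s validate-first: %s\n",
        $name, var_export($raw, true),
        process($args[$name], $raw, false),
        process($args[$name], $raw, true));
}
```

With sanitization first, the invalid `per_page` values `-5` and `10abc` are coerced into values that pass validation, while the valid title `Tom & Jerry` grows past the length limit once escaped and is rejected. With validation first, each input is judged as the user sent it.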

