[wp-trac] [WordPress Trac] #60470: Use `filter_input` instead of superglobals where possible
WordPress Trac
noreply at wordpress.org
Wed Feb 7 19:50:25 UTC 2024
#60470: Use `filter_input` instead of superglobals where possible
-------------------------+-----------------------------
Reporter: kkmuffme | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
The `$_SERVER`, `$_GET`, and `$_POST` variables are inherently unsafe and
shouldn't be used, as they can be modified in userland.
`filter_input` should be used instead - for cases where there is no
appropriate sanitizing available the FILTER_CALLBACK flag can be used with
the WP sanitizing function, e.g. FILTER_CALLBACK
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60470>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
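
An added example, not part of the ticket or of WordPress core: reading a request parameter with `filter_input` and `FILTER_CALLBACK` as the ticket suggests, next to a userland write to `$_GET`. `example_sanitize_text` and `example_get_param` are hypothetical names; the first stands in for a WordPress sanitizer such as `sanitize_text_field` so the script runs outside WordPress, and the sample values are constructed.

```php
<?php
// Hypothetical stand-in for a WP sanitizing function (assumption, not core code):
// strips tags, collapses whitespace, trims.
function example_sanitize_text( $value ) {
    $value = strip_tags( (string) $value );
    $value = preg_replace( '/\s+/', ' ', $value );
    return trim( $value );
}

// Hypothetical helper: read one GET parameter through filter_input().
// filter_input() works on the request data PHP received, not on the current
// contents of $_GET. It returns null when the parameter is absent and false
// when the filter fails.
function example_get_param( $name ) {
    return filter_input(
        INPUT_GET,
        $name,
        FILTER_CALLBACK,
        array( 'options' => 'example_sanitize_text' )
    );
}

// A userland write to the superglobal (constructed value). Any later code
// that reads $_GET['s'] directly sees this value.
$_GET['s'] = '<b>set by other code</b>';
var_dump( $_GET['s'] );

// filter_input() does not see that write. Run from the CLI there is no
// query string, so the parameter counts as absent.
var_dump( example_get_param( 's' ) );

// The same filter and callback applied to a constructed raw value with
// filter_var(), to show what the callback returns for real input.
$raw = " <i>hello</i>\n   world ";
var_dump(
    filter_var( $raw, FILTER_CALLBACK, array( 'options' => 'example_sanitize_text' ) )
);
```

Served over HTTP with `?s=...` in the URL, `example_get_param( 's' )` returns the sanitized value from the original request regardless of what has been assigned to `$_GET['s']` since.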