[wp-meta] [Making WordPress.org] #2869: $_POST does not check on existing keys in sponsor info
Making WordPress.org
noreply at wordpress.org
Thu Jun 15 10:43:10 UTC 2017
#2869: $_POST does not check on existing keys in sponsor info
--------------------------+-------------------------
Reporter: davidmosterd | Owner:
Type: enhancement | Status: new
Priority: lowest | Milestone:
Component: General | Keywords: needs-patch
--------------------------+-------------------------
The sponsor invoice info is submitted and only checked on a few nonce and
single post field. In theory certain $_POST keys could not be present.
Although this would only trigger a notice, it might be better to use PHP's
native {{{filter_input}}} mechanism.
The function is {{{save_post_sponsor}}} in the
{{{WordCamp_Post_Types_Plugin}}} class.
--
Ticket URL: <https://meta.trac.wordpress.org/ticket/2869>
Making WordPress.org <https://meta.trac.wordpress.org/>
Making WordPress.org
More information about the wp-meta
mailing list