[wp-trac] [WordPress Trac] #18637: Poor regex used in admin-ajax.php for user UI state
WordPress Trac
wp-trac at lists.automattic.com
Sun Sep 11 18:08:10 UTC 2011
#18637: Poor regex used in admin-ajax.php for user UI state
----------------------------+--------------------
Reporter: MarcusPope | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.3
Component: Administration | Version: 3.2.1
Severity: normal | Resolution:
Keywords: has-patch |
----------------------------+--------------------
Comment (by nacin):
Patch is a bit off, as sanitize_key() isn't a direct replacement for the
way preg_match() is being used.
Say you pass in a string that includes valid and invalid characters.
sanitize_key() would strip the invalid characters, but return the valid
ones. Worse, $page isn't set to the return value, so the unsanitized one
would be used.
Setting $page = sanitize_key($page) and then die(-1) if !$page seems fine.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18637#comment:4>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list