[wp-trac] [WordPress Trac] #18637: Poor regex used in admin-ajax.php for user UI state
WordPress Trac
wp-trac at lists.automattic.com
Sun Sep 11 19:07:44 UTC 2011
#18637: Poor regex used in admin-ajax.php for user UI state
----------------------------+--------------------
 Reporter:  MarcusPope      |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  3.3
Component:  Administration  |     Version:  3.2.1
 Severity:  normal          |  Resolution:
 Keywords:  has-patch       |
----------------------------+--------------------
Comment (by azaozz):
No, that still won't work. `sanitize_key( $page )` will always return
something (unless all the characters in the slug are bad, i.e.
'$%#@%$#@%'), so
{{{
if ( ! $page = sanitize_key( $page ) )
}}}
will always be true and we may end up saving useless inaccessible data as
@nacin [http://core.trac.wordpress.org/ticket/18637#comment:4 mentioned].

I don't see a reason to change the behaviour there: we are expecting a
page slug that has been sanitized with `sanitize_key()`. If what we are
getting doesn't pass the same sanitization unchanged, it's bad.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18637#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
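
The two validation strategies discussed in this comment, run side by side over constructed inputs. This is an added example, not code from the ticket or from WordPress core: `key_sanitize()` is a local stand-in assumed to mirror the core behaviour of `sanitize_key()` (lowercase, then strip everything outside `a-z0-9_-`), and the two `accept_*` function names are hypothetical.

```php
<?php
// Added illustration, not WordPress core code. key_sanitize() is a local
// stand-in assumed to mirror sanitize_key(): lowercase the input, then drop
// every character outside a-z, 0-9, "_" and "-" (no filter hook applied).
function key_sanitize( string $key ): string {
    return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( $key ) );
}

// Strategy A (hypothetical name): sanitize, reject only when nothing is left.
function accept_if_nonempty( string $page ): ?string {
    $clean = key_sanitize( $page );
    return '' === $clean ? null : $clean;
}

// Strategy B (hypothetical name): reject unless sanitization is a no-op,
// i.e. the submitted slug already is a valid sanitized key.
function accept_if_unchanged( string $page ): ?string {
    return ( '' !== $page && $page === key_sanitize( $page ) ) ? $page : null;
}

// Constructed sample inputs: two well-formed slugs, then malformed ones.
$samples = array(
    'dashboard',
    'edit-post',
    'Edit Post',
    'edit-post<script>',
    '../../options',
    '$%#@%$#@%',
);

printf( "%-20s %-30s %s\n", 'input', 'A: non-empty check', 'B: unchanged check' );
foreach ( $samples as $page ) {
    $a = accept_if_nonempty( $page );
    $b = accept_if_unchanged( $page );
    printf(
        "%-20s %-30s %s\n",
        $page,
        null === $a ? 'rejected' : "stored as '$a'",
        null === $b ? 'rejected' : "stored as '$b'"
    );
}
```

Under strategy A, malformed input such as `Edit Post` is stored under a rewritten key (`editpost`) that no page will ever look up; strategy B stores only slugs that pass sanitization unchanged.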