[wp-trac] [WordPress Trac] #18637: Poor regex used in admin-ajax.php for user UI state
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 12 16:44:36 UTC 2011
#18637: Poor regex used in admin-ajax.php for user UI state
----------------------------+--------------------
 Reporter:  MarcusPope      |       Owner:
     Type:  defect (bug)    |      Status:  new
 Priority:  normal          |   Milestone:  3.3
Component:  Administration  |     Version:  3.2.1
 Severity:  normal          |  Resolution:
 Keywords:  has-patch       |
----------------------------+--------------------
Comment (by nacin):
In hindsight, azaozz is correct. We're currently validating, rather than
sanitizing, and there's no reason to change it. We should use
`$page != sanitize_key( $page )`.
die(0) is proper. We use -1 for permissions, 0 for failures.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18637#comment:12>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
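
Added example, not part of the original message and not WordPress core code: the validate-by-comparison check from the comment above, run over constructed inputs to show what sanitizing would silently rewrite and validation rejects instead. `example_sanitize_key()` is a stand-in that assumes sanitize_key() lowercases and keeps only a-z, 0-9, "_" and "-"; the handler name, the `$user_can` flag and the "1" success value are hypothetical.

```php
<?php
// Stand-in for sanitize_key() so the script runs outside WordPress.
// Assumption: lowercase, then keep only a-z, 0-9, "_" and "-"
// (core additionally passes the result through a filter hook).
function example_sanitize_key( $key ) {
    return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $key ) );
}

// Validate: accept only input that sanitizing would leave unchanged.
// Uses a strict comparison after a type check.
function example_is_valid_key( $page ) {
    return is_string( $page ) && $page === example_sanitize_key( $page );
}

// Hypothetical handler following the convention in the comment:
// "-1" for a permissions failure, "0" for any other failure.
// The "1" success value is an assumption for this example.
function example_save_ui_state( $page, $user_can ) {
    if ( ! $user_can ) {
        return '-1';
    }
    if ( ! example_is_valid_key( $page ) ) {
        return '0'; // reject the request; never store a rewritten key
    }
    return '1';
}

// Constructed sample inputs.
$samples = array(
    'edit-post', 'dashboard_page', 'Edit-Post', 'edit post',
    "edit-post\n", '../wp-config', 'page[]',
);

foreach ( $samples as $page ) {
    printf(
        "%-16s sanitized=%-18s response=%s\n",
        json_encode( $page, JSON_UNESCAPED_SLASHES ),
        json_encode( example_sanitize_key( $page ) ),
        example_save_ui_state( $page, true )
    );
}
printf( "%-16s response=%s\n", '(no capability)', example_save_ui_state( 'edit-post', false ) );
```

Inputs such as '../wp-config' or 'Edit-Post' sanitize to a different, valid-looking key; comparing against the sanitized form makes the request fail rather than act on a value the client never sent.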