[wp-trac] [WordPress Trac] #37192: Validate before sanitizing when processing REST Request arguments
WordPress Trac
noreply at wordpress.org
Tue Aug 2 15:30:22 UTC 2016
#37192: Validate before sanitizing when processing REST Request arguments
---------------------------------------------+--------------------------
Reporter: danielbachhuber                    | Owner: rachelbaker
Type: defect (bug)                           | Status: closed
Priority: normal                             | Milestone: 4.6
Component: REST API                          | Version: 4.4
Severity: normal                             | Resolution: fixed
Keywords: has-patch has-unit-tests commit    | Focuses:
---------------------------------------------+--------------------------
Comment (by schlessera):
@joehoyle In this case, at least the naming is off.

Validation is what you do to make sure user input is valid. This includes
checking accepted type, accepted content and matching context.

Sanitization is a transformation you do on data to make it safe for
storing, to prevent stuff like SQL injection.

Disregarding the naming, though, it should also be obvious that you
shouldn't have valid data that the user provided become invalid before
doing the actual validation check.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37192#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
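
The ordering problem discussed in the comment above, as an added example that is not part of the original message or of WordPress core. It is plain PHP with no WordPress APIs; the function names, rules and inputs are constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not WordPress functions.

// Validation: is the raw user input an acceptable value? No transformation.
function validate_title($value) {
    return is_string($value) && $value !== '' && strlen($value) <= 10;
}
function validate_id($value) {
    return is_string($value) && ctype_digit($value);
}

// Sanitization: transform data so it is safe to store or output.
function sanitize_title($value) {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}
function sanitize_id($value) {
    return (string) intval($value);
}

// Order criticised in the comment: sanitize, then validate the result.
function sanitize_then_validate($value, $validate, $sanitize) {
    $clean = $sanitize($value);
    return $validate($clean) ? $clean : null;
}

// Order the ticket title asks for: validate the raw input, then sanitize.
function validate_then_sanitize($value, $validate, $sanitize) {
    return $validate($value) ? $sanitize($value) : null;
}

// Constructed inputs.
$cases = [
    // Valid 9-character title: escaping "&" lengthens it past the limit,
    // so sanitizing first makes valid input fail validation.
    ['Tom & Jim', 'validate_title', 'sanitize_title'],
    // Invalid id: intval() rewrites it to a clean number first,
    // so sanitizing first makes invalid input pass validation.
    ['12abc', 'validate_id', 'sanitize_id'],
];

foreach ($cases as [$input, $validate, $sanitize]) {
    echo "input: ", var_export($input, true), "\n";
    echo "  sanitize -> validate: ",
        var_export(sanitize_then_validate($input, $validate, $sanitize), true), "\n";
    echo "  validate -> sanitize: ",
        var_export(validate_then_sanitize($input, $validate, $sanitize), true), "\n";
}
```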