[wp-trac] [WordPress Trac] #37403: register_meta function does not properly check variable type or key existence (of an array variable) before use
WordPress Trac
noreply at wordpress.org
Mon Jul 18 20:07:16 UTC 2016
#37403: register_meta function does not properly check variable type or key
existence (of an array variable) before use
--------------------------------+-------------------------
Reporter: chriscct7 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.6
Component: Options, Meta APIs | Version:
Severity: normal | Keywords: needs-patch
Focuses: |
--------------------------------+-------------------------
In the register_meta function, there are several cases where variables are
allowed to be filtered, for example the $args parameter via the
`register_meta_args` filter. However, once that filter is called, further
down in the function, there are cases where the object type or existence
of a key isn't checked before being used, allowing for a fatal error for
example in the
`if ( is_callable( $args['sanitize_callback'] ) ) {` or `if ( is_callable(
$args['auth_callback'] ) ) {` or `if ( $has_old_sanitize_cb &&
is_callable( $args['sanitize_callback'] ) ) {` lines
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37403>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list