[wp-trac] [WordPress Trac] #38477: Missing validation while posting comment via REST API
WordPress Trac
noreply at wordpress.org
Wed Oct 26 04:06:53 UTC 2016
#38477: Missing validation while posting comment via REST API
-------------------------------------+--------------------
Reporter: mangeshp | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.7
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: has-patch needs-refresh | Focuses:
-------------------------------------+--------------------
Changes (by rachelbaker):
* keywords: has-patch => has-patch needs-refresh
Comment:
@mangeshp Thank you for the patches.
`a@b.c` is a valid email according to the
[https://tools.ietf.org/html/rfc2822 RFC]. We already check `is_email()`
with `rest_validate_request_arg()` so there is no need to duplicate the
logic here.
In your patch it looks like you are only checking the lengths of values
when a comment is created AND only if the `require_name_email` option is
enabled. It would be better to move the string length checks into the
`prepare_item_for_database()` method so we can check lengths on update
actions as well.
@salcode was already working on a patch via GitHub here:
https://github.com/WP-API/WP-API/pull/2858 that also included unit tests,
but needed to be converted to a Trac patch.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38477#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
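
An added sketch, not part of the ticket or of WordPress core, of the suggestion in the comment above: length checks placed in the shared prepare step so that create and update both run them, regardless of any option. The class name, every method name other than the borrowed `prepare_item_for_database` idea, the field keys and the limits are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code. Class name, field keys and
// the limits below are assumptions; real limits come from the database schema.
final class CommentControllerSketch
{
    /** Constructed per-field maximum lengths, in bytes. */
    private const MAX_LENGTHS = [
        'author_name'  => 245,
        'author_email' => 100,
        'author_url'   => 200,
        'content'      => 65525,
    ];

    /** Create path: all fields come from the request. */
    public function createItem(array $request): array
    {
        return $this->prepareItemForDatabase($request);
    }

    /** Update path: only changed fields are sent, but they get the same checks. */
    public function updateItem(array $existing, array $request): array
    {
        return array_merge($existing, $this->prepareItemForDatabase($request));
    }

    // Single choke point for validation: no write path can skip it, and the
    // checks do not depend on an unrelated option being enabled.
    private function prepareItemForDatabase(array $request): array
    {
        $prepared = [];
        foreach (self::MAX_LENGTHS as $field => $max) {
            if (!array_key_exists($field, $request)) {
                continue; // field is not part of this request
            }
            $value = (string) $request[$field];
            if (strlen($value) > $max) {
                throw new LengthException("$field exceeds $max bytes");
            }
            $prepared[$field] = $value;
        }
        return $prepared;
    }
}

$c = new CommentControllerSketch();
$saved = $c->createItem(['author_name' => 'Ada', 'content' => 'First!']);
try {
    $c->updateItem($saved, ['author_name' => str_repeat('x', 300)]); // constructed oversize value
} catch (LengthException $e) { echo $e->getMessage(), PHP_EOL; }
```

The update call is rejected by the same check that guards creation, which is the behaviour the comment asks the patch to provide.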