[wp-trac] [WordPress Trac] #40825: Re-addressing validation/sanitization of IDs to allow filtering before WP_Post (and others) database query
WordPress Trac
noreply at wordpress.org
Tue Sep 26 21:47:28 UTC 2017
#40825: Re-addressing validation/sanitization of IDs to allow filtering before
WP_Post (and others) database query
-------------------------------+------------------------------------
Reporter: LindsayBSC | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Posts, Post Types | Version: 4.7.5
Severity: normal | Resolution:
Keywords: dev-feedback | Focuses: template, performance
-------------------------------+------------------------------------
Comment (by diddledan):
I've been looking over this lately and it does a great job of allowing
remote content to be used as if it were local. Having the overriding
filter only operate when getting data and not on writing data looks to
satisfy the security concerns of allowing arbitrary IDs to be sent to the
database in my opinion.
+1 from me :-)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40825#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list