[wp-trac] [WordPress Trac] #11623: review options list and update sanitize_option()
WordPress Trac
noreply at wordpress.org
Mon Jan 21 01:52:52 UTC 2019
#11623: review options list and update sanitize_option()
------------------------------------------+----------------------
Reporter: dd32 | Owner: dd32
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 2.9
Severity: normal | Resolution: wontfix
Keywords: needs-patch needs-unit-tests | Focuses:
------------------------------------------+----------------------
Comment (by dd32):
Replying to [comment:10 iandunn]:
> @dd32, do you think this is no longer needed, or should it be reopened?
@iandunn IMHO: There exist options which could certainly be sanitized as
a hardening exercise to preempt any future security issues pertaining to
the usage of them unsanitized.

I do not know of any specific vulnerabilities, but I do know that the
options handled by the list haven't changed significantly in the last 9
years. Many options are sanitized elsewhere though, so the lack of the
option from the function doesn't mean it's a problem.

As to whether this is worth re-opening, that would depend on if someone
was willing to go through the core options, verify the uses of them all
and pre-emptively add the simple-validators where needed. If there's not,
there's no point in having this ticket still open when there are no known
(and nothing came up in near-ten-years which points to this) issues
related to it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/11623#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform