[wp-trac] [WordPress Trac] #46536: wp_create_user_request should sanitize the action_name using _wp_privacy_action_request_types
WordPress Trac
noreply at wordpress.org
Fri Sep 18 10:46:01 UTC 2020
#46536: wp_create_user_request should sanitize the action_name using
_wp_privacy_action_request_types
-------------------------------------------------+-------------------------
Reporter: garrett-eclipse | Owner: garrett-
| eclipse
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 5.6
Component: Privacy | Version: 4.9.6
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests needs- | Focuses:
testing |
-------------------------------------------------+-------------------------
Comment (by birgire):
Thanks Garrett
This looks good. As I understand it, the original design was not to
support any ad-hoc request type, I hope I understand that correctly,
because of the existing {{{_wp_privacy_action_request_types()}}} checks.
I wonder if the original ticket number of the {{{test_invalid_action()}}}
test case should be kept and the new ticket number added to it, like:
{{{
* @ticket 44707
* @ticket 46536
*/
public function test_invalid_action() {
}}}
The action keys and their strings sounds rather general:
{{{
WP_Error( 'invalid_action', __( 'Invalid action name.' ) );
WP_Error( 'missing_action', __( 'Missing action name.' ) );
}}}
I also wonder if these strings would benefit from a translation context?
(then in another ticket if needed)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46536#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list