[wp-trac] [WordPress Trac] #46536: wp_create_user_request should sanitize the action_name using _wp_privacy_action_request_types

WordPress Trac noreply at wordpress.org
Fri Sep 18 10:46:01 UTC 2020

#46536: wp_create_user_request should sanitize the action_name using
 Reporter:  garrett-eclipse                      |       Owner:  garrett-
                                                 |  eclipse
     Type:  defect (bug)                         |      Status:  accepted
 Priority:  normal                               |   Milestone:  5.6
Component:  Privacy                              |     Version:  4.9.6
 Severity:  normal                               |  Resolution:
 Keywords:  has-patch has-unit-tests needs-      |     Focuses:
  testing                                        |

Comment (by birgire):

 Thanks Garrett

 This looks good. As I understand it, the original design was not to
 support any ad-hoc request type, I hope I understand that correctly,
 because of the existing {{{_wp_privacy_action_request_types()}}} checks.

 I wonder if the original ticket number of the {{{test_invalid_action()}}}
 test case should be kept and the new ticket number added to it, like:

   * @ticket 44707
   * @ticket 46536
   public function test_invalid_action() {


 The action keys and their strings sounds rather general:

  WP_Error( 'invalid_action', __( 'Invalid action name.' ) );
  WP_Error( 'missing_action', __( 'Missing action name.' ) );

 I also wonder if these strings would benefit from a translation context?
 (then in another ticket if needed)

Ticket URL: <https://core.trac.wordpress.org/ticket/46536#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list