[wp-trac] [WordPress Trac] #54182: Use wp_unslash() for $_REQUEST Parameter in wp-admin/admin-post.php file
WordPress Trac
noreply at wordpress.org
Thu Sep 30 20:56:30 UTC 2021
#54182: Use wp_unslash() for $_REQUEST Parameter in wp-admin/admin-post.php file
-------------------------------------+-------------------------------------
Reporter: yagniksangani | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.8.1
Severity: normal | Resolution:
Keywords: reporter-feedback has- | Focuses: administration,
patch | coding-standards
-------------------------------------+-------------------------------------
Changes (by sabernhardt):
* keywords: reporter-feedback => reporter-feedback has-patch
Comment:
14 other files in the wp-admin directory also use `$_REQUEST['action']`
without `wp_unslash`. If the change is necessary in admin-post.php, those
may need the same.
Since changeset:41205, the two files with `$_REQUEST['action']` in wp-
includes both use the function
([https://core.trac.wordpress.org/browser/trunk/src/wp-includes/class-wp-
customize-manager.php?rev=51730#L430 class-wp-customize-manager.php] and
[https://core.trac.wordpress.org/browser/trunk/src/wp-
includes/theme.php?rev=51791#L3404 theme.php]).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/54182#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list