[wp-trac] [WordPress Trac] #55854: Use of unsanitized data.
WordPress Trac
noreply at wordpress.org
Fri May 27 05:39:58 UTC 2022
#55854: Use of unsanitized data.
------------------------------+--------------------------------------
Reporter: hilayt24 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: major | Keywords: needs-patch dev-feedback
Focuses: coding-standards |
------------------------------+--------------------------------------
In "wp-admin/includes/ajax-actions.php" there is much data that is
unsanitized. Below is one example of it. I think it is good to sanitize
all the fields properly to avoid unwanted scenarios.
{{{
$pagenow = $_GET['pagenow'];
if ( 'dashboard-user' === $pagenow || 'dashboard-network' === $pagenow || 'dashboard' === $pagenow ) {
	set_current_screen( $pagenow );
}

switch ( $_GET['widget'] ) {
	case 'dashboard_primary':
		wp_dashboard_primary();
		break;
}
}}}
Here the $_GET fields are used without any sanitization.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55854>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
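Added example, not part of the ticket and not WordPress core code: the same pagenow/widget handling with both $_GET values unslashed, run through sanitize_key() and checked against an explicit allowlist before anything acts on them. It assumes it runs either inside WordPress (where sanitize_key() and wp_unslash() exist) or stand-alone with the minimal stand-ins defined below; the function name validate_dashboard_request(), the two allowlist constants and the sample requests are all constructed for this example.

```php
<?php
// Added example (not WordPress core and not from ticket #55854).
// Stand-ins so the file runs outside WordPress; inside WordPress the real
// functions are used. sanitize_key() in core lowercases and keeps only
// a-z, 0-9, '_' and '-'; the stand-in does the same.
if ( ! function_exists( 'sanitize_key' ) ) {
	function sanitize_key( $key ) {
		return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $key ) );
	}
}
if ( ! function_exists( 'wp_unslash' ) ) {
	// Simplified stand-in: core's wp_unslash() also walks arrays.
	function wp_unslash( $value ) {
		return is_string( $value ) ? stripslashes( $value ) : $value;
	}
}

// Allowlists (assumed for this example): only these values may reach
// set_current_screen() or pick a widget renderer. Anything else is
// rejected rather than "cleaned up" and passed on.
const DASHBOARD_SCREENS = array( 'dashboard', 'dashboard-user', 'dashboard-network' );
const DASHBOARD_WIDGETS = array( 'dashboard_primary' );

/**
 * Validate the pagenow/widget query parameters of a dashboard-widgets
 * request. $get is the query array (e.g. $_GET).
 *
 * Returns array( 'pagenow' => string|null, 'widget' => string ) when the
 * widget is known, or null when the widget parameter is missing/unknown.
 * 'pagenow' is null when it is absent or not one of the listed screens.
 */
function validate_dashboard_request( array $get ) {
	$pagenow = isset( $get['pagenow'] ) ? sanitize_key( wp_unslash( $get['pagenow'] ) ) : '';
	$widget  = isset( $get['widget'] ) ? sanitize_key( wp_unslash( $get['widget'] ) ) : '';

	// pagenow is optional: use it only if it names a listed screen.
	$screen = in_array( $pagenow, DASHBOARD_SCREENS, true ) ? $pagenow : null;

	// widget is required and must select a known renderer.
	if ( ! in_array( $widget, DASHBOARD_WIDGETS, true ) ) {
		return null;
	}

	return array( 'pagenow' => $screen, 'widget' => $widget );
}

// Constructed sample requests (not captured traffic).
$samples = array(
	// valid screen and widget
	array( 'pagenow' => 'dashboard', 'widget' => 'dashboard_primary' ),
	// mixed case is normalised by sanitize_key() and then accepted
	array( 'pagenow' => 'Dashboard-User', 'widget' => 'dashboard_primary' ),
	// stray characters are stripped, the result is not a listed screen,
	// so pagenow becomes null while the widget is still served
	array( 'pagenow' => 'dashboard<script>', 'widget' => 'dashboard_primary' ),
	// unknown widget: request rejected (null)
	array( 'pagenow' => 'dashboard', 'widget' => 'dashboard_secondary' ),
	// missing widget: request rejected (null)
	array( 'pagenow' => 'dashboard' ),
);

foreach ( $samples as $get ) {
	var_export( validate_dashboard_request( $get ) );
	echo "\n";
}
```

In the snippet quoted in the ticket, $pagenow only reaches set_current_screen() after a strict comparison against three literals, and $_GET['widget'] only selects a `case` label, so the values are already constrained before they do anything; the sanitize_key() and wp_unslash() calls add a defence-in-depth layer and bring the code in line with the coding standard the ticket's "coding-standards" focus refers to. The decision to return null for an unknown widget, rather than fall through silently, is a choice made for this example.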