[wp-trac] [WordPress Trac] #55853: Use of unsanitized data in wp_ajax_dashboard_widgets() (was: Use of un sanitized data.)

WordPress Trac noreply at wordpress.org
Fri May 27 14:03:35 UTC 2022

#55853: Use of unsanitized data in wp_ajax_dashboard_widgets()
 Reporter:  hilayt24                 |       Owner:  (none)
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  6.1
Component:  Widgets                  |     Version:
 Severity:  major                    |  Resolution:
 Keywords:  needs-patch good-first-  |     Focuses:  administration,
  bug                                |  coding-standards
Changes (by SergeyBiryukov):

 * keywords:   => needs-patch good-first-bug
 * focuses:  coding-standards => administration, coding-standards
 * component:  Users => Widgets
 * milestone:  Awaiting Review => 6.1


 Hi there, welcome back to WordPress Trac! Thanks for the ticket.

 I think comment:1 is correct, `$_GET['pagenow']` and `$_GET['widget']` are
 compared to a fixed set of values here, so it looks like sanitizing them
 is not strictly necessary.

 That said, `sanitize_key()` could probably be applied here just in case.

Ticket URL: <https://core.trac.wordpress.org/ticket/55853#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list