[wp-trac] [WordPress Trac] #55854: Use of un sanitized data.

WordPress Trac noreply at wordpress.org
Fri May 27 05:39:58 UTC 2022


#55854: Use of un sanitized data.
------------------------------+--------------------------------------
 Reporter:  hilayt24          |      Owner:  (none)
     Type:  enhancement       |     Status:  new
 Priority:  normal            |  Milestone:  Awaiting Review
Component:  Users             |    Version:
 Severity:  major             |   Keywords:  needs-patch dev-feedback
  Focuses:  coding-standards  |
------------------------------+--------------------------------------
 In the "wp-admin/includes/ajax-actions.php," there are much data that is
 unsanitized. Below is one example of it. I think it is good to sanitize
 all the fields properly to avoid unwanted scenarios.


 {{{
 $pagenow = $_GET['pagenow'];
         if ( 'dashboard-user' === $pagenow || 'dashboard-network' ===
 $pagenow || 'dashboard' === $pagenow ) {
                 set_current_screen( $pagenow );
         }

         switch ( $_GET['widget'] ) {
                 case 'dashboard_primary':
                         wp_dashboard_primary();
                         break;
         }
 }}}

 Here the $_GET fields are used without any sanitization.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/55854>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list