[wp-trac] [WordPress Trac] #55853: Use of unsanitized data in wp_ajax_dashboard_widgets() (was: Use of un sanitized data.)
WordPress Trac
noreply at wordpress.org
Fri May 27 14:03:35 UTC 2022
#55853: Use of unsanitized data in wp_ajax_dashboard_widgets()
-------------------------------------+-------------------------------------
Reporter: hilayt24 | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 6.1
Component: Widgets | Version:
Severity: major | Resolution:
Keywords: needs-patch good-first-bug | Focuses: administration, coding-standards
-------------------------------------+-------------------------------------
Changes (by SergeyBiryukov):
* keywords: => needs-patch good-first-bug
* focuses: coding-standards => administration, coding-standards
* component: Users => Widgets
* milestone: Awaiting Review => 6.1
Comment:
Hi there, welcome back to WordPress Trac! Thanks for the ticket.
I think comment:1 is correct, `$_GET['pagenow']` and `$_GET['widget']` are
compared to a fixed set of values here, so it looks like sanitizing them
is not strictly necessary.
That said, `sanitize_key()` could probably be applied here just in case.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/55853#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
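
The comment's point, as an added example that is not WordPress core code and not part of the original message: a request value that is only ever compared against fixed strings cannot carry anything unexpected into later code, and key-style sanitizing in front of that comparison mainly handles non-string input and odd characters. Assumptions: `example_sanitize_key()` is a stand-in for `sanitize_key()` so the block runs without WordPress, `example_match_allowed()` is a hypothetical helper, and the allowlists and request samples are constructed.

```php
<?php
// Stand-in for WordPress's sanitize_key() so this runs without WordPress loaded:
// non-scalars become '', the rest is lowercased and reduced to a-z, 0-9, _ and -.
function example_sanitize_key( $key ) {
	if ( ! is_scalar( $key ) ) {
		return '';
	}
	return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $key ) );
}

// Hypothetical helper: return the allowlisted constant that matches, or null.
function example_match_allowed( array $query, $name, array $allowed ) {
	if ( ! isset( $query[ $name ] ) ) {
		return null;
	}
	$key = example_sanitize_key( $query[ $name ] );
	// Strict comparison against fixed strings; the raw input is never returned.
	$index = array_search( $key, $allowed, true );
	return false === $index ? null : $allowed[ $index ];
}

// Assumed allowlists for illustration only.
$screens = array( 'dashboard', 'dashboard-user', 'dashboard-network' );
$widgets = array( 'dashboard_primary' );

// Constructed request samples: exact match, traversal-style string plus an
// array parameter, values that only match after normalisation, missing key.
$requests = array(
	array( 'pagenow' => 'dashboard', 'widget' => 'dashboard_primary' ),
	array( 'pagenow' => '../../wp-config', 'widget' => array( 'dashboard_primary' ) ),
	array( 'pagenow' => '<Dashboard>', 'widget' => 'dashboard_primary ' ),
	array( 'pagenow' => 'DASHBOARD-USER' ),
);

foreach ( $requests as $query ) {
	var_export( array(
		'screen' => example_match_allowed( $query, 'pagenow', $screens ),
		'widget' => example_match_allowed( $query, 'widget', $widgets ),
	) );
	echo PHP_EOL;
}
```

Sanitizing before the comparison means near-miss input such as `<Dashboard>` normalises to an allowlisted value; the value used afterwards is still the fixed constant, not the request string.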