[wp-trac] [WordPress Trac] #63188: Getting Header "REMOTE_ADDR" is user-controlled and should be properly validated before use errors into the core files.
WordPress Trac
noreply at wordpress.org
Fri Mar 28 10:38:01 UTC 2025
#63188: Getting Header "REMOTE_ADDR" is user-controlled and should be properly
validated before use errors into the core files.
-------------------------+-------------------------------------------------
Reporter: viralsampat | Owner: (none)
Type: defect | Status: new
(bug) |
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords: dev-feedback needs-testing 2nd-
Focuses: coding- | opinion
standards |
-------------------------+-------------------------------------------------
Hello Team,
I have checked wp-admin WordPress core files and I have found this "Header
"REMOTE_ADDR" is user-controlled and should be properly validated before
use" error for few files. I think that it should be resolve.
Here, I have listed files:
src/wp-includes/class-wp-application-passwords.php
src/wp-includes/class-wp-session-tokens.php
src/wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php
src/wp-includes/user.php
I have tested this into the WordPress 6.8-beta1.
Thanks,
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63188>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list