[wp-trac] [WordPress Trac] #63188: Getting Header "REMOTE_ADDR" is user-controlled and should be properly validated before use errors into the core files.
WordPress Trac
noreply at wordpress.org
Fri Mar 28 13:04:16 UTC 2025
#63188: Getting Header "REMOTE_ADDR" is user-controlled and should be properly
validated before use errors into the core files.
---------------------------------------+-------------------------------
Reporter: viralsampat | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: needs-testing 2nd-opinion | Focuses: coding-standards
---------------------------------------+-------------------------------
Changes (by audrasjb):
* keywords: dev-feedback needs-testing 2nd-opinion => needs-testing 2nd-opinion
Comment:
Hello, thanks for the ticket and patch,
Some thoughts:
- there is a wrong `$remore_addr` var name
- I think the inline comments are unnecessary
- I'm wondering whether we really need to validate these values since it
appears they are never used directly. By the way, even if there is no
security threat, it's better if we follow our own best practices. So I'm
inclined to say "yes" :)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63188#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform