[wp-trac] [WordPress Trac] #65051: $_REQUEST['term'] used unsanitized in user search query
WordPress Trac
noreply at wordpress.org
Thu Apr 9 10:54:56 UTC 2026
#65051: $_REQUEST['term'] used unsanitized in user search query
-------------------------------------+-------------------------------
Reporter: rajeshcp | Owner: rajeshcp
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: Awaiting Review
Component: General | Version: trunk
Severity: major | Resolution:
Keywords: has-patch needs-testing | Focuses: coding-standards
-------------------------------------+-------------------------------
Changes (by gaurangsondagar):
* focuses: => coding-standards
Comment:
Tested the patch and confirmed the issue: https://github.com/WordPress/wordpress-develop/pull/11530/commits/5eed1c8ea50eb3dfda7605749f267bf9e3234dc3
Environment:
- WordPress: 7.1-alpha-62161-src
- PHP: 8.3.30
- Browser: Chrome
- Database: MySQL 8.4.8
- OS: Ubuntu
1) The current implementation uses `$_REQUEST['term']` directly without
sanitization.
2) The patch correctly applies `wp_unslash()` and `sanitize_text_field()`,
which aligns with WordPress data handling standards.
3) Verified that the user search functionality continues to work as
expected after the change.
This is a valid security improvement and works as expected.
Screenshot for reference: https://kommodo.ai/i/s2Bol19v4cwB50UNttQp
--
Ticket URL: <https://core.trac.wordpress.org/ticket/65051#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac mailing list
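For readers of this thread, the following side-by-side illustrates the pattern the ticket reports and the pattern the patch applies. It is an added example written for this archive page, not the ticket's patch or WordPress core code. It assumes it runs inside a loaded WordPress environment (for example an admin-side handler), so `wp_unslash()`, `sanitize_text_field()` and `WP_User_Query` are available; the function names, the `search_columns` selection and the result limit are assumptions, while the `term` request key is the one named in the ticket.

```php
<?php
// Added illustration, not the ticket's patch or WordPress core code.
// Assumes WordPress is loaded, so wp_unslash(), sanitize_text_field()
// and WP_User_Query exist. Function names below are hypothetical.

// Pattern the ticket reports: the raw request value is passed straight
// into the user search without unslashing or sanitizing.
function example_user_search_raw() {
    $term  = isset( $_REQUEST['term'] ) ? $_REQUEST['term'] : '';
    $query = new WP_User_Query( array( 'search' => '*' . $term . '*' ) );
    return $query->get_results();
}

// Pattern the patch applies: wp_unslash() first, because WordPress adds
// slashes to superglobals, then sanitize_text_field(), which checks for
// invalid UTF-8, strips tags and percent-encoded octets, and collapses
// line breaks and extra whitespace before the value reaches the query.
function example_user_search_sanitized() {
    $term = '';
    if ( isset( $_REQUEST['term'] ) ) {
        $term = sanitize_text_field( wp_unslash( $_REQUEST['term'] ) );
    }

    // An empty search term should return nothing rather than every user.
    if ( '' === $term ) {
        return array();
    }

    $query = new WP_User_Query(
        array(
            'search'         => '*' . $term . '*',
            // Restrict which columns the wildcard search matches against
            // (assumed selection; WP_User_Query supports these columns).
            'search_columns' => array( 'user_login', 'user_email', 'display_name' ),
            // Bound the result set so a broad term cannot dump the whole table.
            'number'         => 20,
        )
    );
    return $query->get_results();
}
```

The order matters: `wp_unslash()` must run before `sanitize_text_field()`, otherwise the sanitizer operates on the slashed representation and a backslash can survive into the stored or queried value. The empty-term check and the `number` limit are defensive additions beyond what the ticket describes; the core fix is the two-call wrapper in step 2 of the comment above.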