WordPress.org

Make WordPress Core

Ticket #18637: 18637.patch

File 18637.patch, 888 bytes (added by ocean90, 9 years ago)

  • wp-admin/admin-ajax.php

     
    10251025
    10261026        $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    10271027
    1028         if ( !preg_match( '/^[a-z_-]+$/', $page ) )
     1028        if ( ! sanitize_key( $page ) )
    10291029                die('-1');
    10301030
    10311031        if ( ! $user = wp_get_current_user() )
     
    10471047        $hidden = explode( ',', $_POST['hidden'] );
    10481048        $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    10491049
    1050         if ( !preg_match( '/^[a-z_-]+$/', $page ) )
     1050        if ( ! sanitize_key( $page ) )
    10511051                die('-1');
    10521052
    10531053        if ( ! $user = wp_get_current_user() )
     
    11461146
    11471147        $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    11481148
    1149         if ( !preg_match( '/^[a-z_-]+$/', $page ) )
     1149        if ( ! sanitize_key( $page ) )
    11501150                die('-1');
    11511151
    11521152        if ( ! $user = wp_get_current_user() )