WordPress.org

Make WordPress Core

Changeset 18663


Timestamp:
09/12/11 21:48:44 (4 years ago)
Author:
nacin
Message:

Loosen validation regex to use sanitize_key() in a few AJAX locations for things like pages, orders, columns. Change return value to 0 for failure, as -1 is reserved for authentication/intention. props ocean90, azaozz, fixes #18637.

File:
1 edited

  • trunk/wp-admin/admin-ajax.php

    r18607 r18663  
    10261026    $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 
    10271027 
    1028     if ( !preg_match( '/^[a-z_-]+$/', $page ) ) 
    1029         die('-1'); 
     1028    if ( $page != sanitize_key( $page ) ) 
     1029        die('0'); 
    10301030 
    10311031    if ( ! $user = wp_get_current_user() ) 
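
Review bot: The replacement check at lines 1028-1029 accepts an empty `$page`, which the removed pattern rejected. `$page` defaults to `''` when `$_POST['page']` is absent, the old regex ended in `+` and so required at least one character, and an empty string compares equal to its own sanitized form. If an empty page should still count as a failure here, test for it explicitly, for example `if ( '' === $page || $page != sanitize_key( $page ) )`.
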
     
    10481048    $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 
    10491049 
    1050     if ( !preg_match( '/^[a-z_-]+$/', $page ) ) 
    1051         die('-1'); 
     1050    if ( $page != sanitize_key( $page ) ) 
     1051        die('0'); 
    10521052 
    10531053    if ( ! $user = wp_get_current_user() ) 
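
Review bot: `$_POST['page']` at line 1048 is used without a type check, and a request can supply it as an array (`page[]=...`), so lines 1050-1051 pass a non-string to `sanitize_key()` and then compare the result with loose `!=`. Reject non-strings first with `is_string( $page )` and compare with `!==`, so the outcome of the validation does not depend on PHP's type juggling.
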
     
    11471147    $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 
    11481148 
    1149     if ( !preg_match( '/^[a-z_-]+$/', $page ) ) 
    1150         die('-1'); 
     1149    if ( $page != sanitize_key( $page ) ) 
     1150        die('0'); 
    11511151 
    11521152    if ( ! $user = wp_get_current_user() ) 
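
Review bot: Lines 1149-1150 are the third identical copy of this validation in the file (also at 1028-1029 and 1050-1051), so a later change to the rule has to be made in three places. A small shared helper would keep them in step. The `die('0')` would also benefit from a one-line comment that 0 means invalid input while -1 is reserved for authentication/intention, since that convention is currently recorded only in the commit message.
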