WordPress.org

Make WordPress Core

Changeset 18663


Timestamp:
09/12/2011 09:48:44 PM (7 years ago)
Author:
nacin
Message:

Loosen validation regex to use sanitize_key() in a few AJAX locations for things like pages, orders, columns. Change return value to 0 for failure, as -1 is reserved for authentication/intention. props ocean90, azaozz, fixes #18637.

File:
1 edited

  • trunk/wp-admin/admin-ajax.php

    r18607 r18663  
    10261026    $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    10271027
    1028     if ( !preg_match( '/^[a-z_-]+$/', $page ) )
    1029         die('-1');
     1028    if ( $page != sanitize_key( $page ) )
     1029        die('0');
    10301030
    10311031    if ( ! $user = wp_get_current_user() )
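Review bot: at new line 1028, an empty `$page` now passes validation. Line 1026 defaults `$page` to '' when `$_POST['page']` is not set, and '' is equal to sanitize_key( '' ), so the check does not fail; the removed regex used `+` and rejected the empty string. If a missing page should still be an error, add an explicit empty check, for example `if ( '' === $page || $page != sanitize_key( $page ) )`.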
     
    10481048    $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    10491049
    1050     if ( !preg_match( '/^[a-z_-]+$/', $page ) )
    1051         die('-1');
     1050    if ( $page != sanitize_key( $page ) )
     1051        die('0');
    10521052
    10531053    if ( ! $user = wp_get_current_user() )
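Review bot: the comparison at new line 1050 is loose (`!=`), and `$_POST['page']` is not guaranteed to be a string. PHP compares two numeric-looking strings by value under `!=`, so an input can differ from its sanitized form byte for byte and still be accepted, and an array value reaches sanitize_key() without any type check. Suggest `if ( ! is_string( $page ) || $page !== sanitize_key( $page ) )`.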
     
    11471147    $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    11481148
    1149     if ( !preg_match( '/^[a-z_-]+$/', $page ) )
    1150         die('-1');
     1149    if ( $page != sanitize_key( $page ) )
     1150        die('0');
    11511151
    11521152    if ( ! $user = wp_get_current_user() )
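Review bot: this is the third copy of the same check (also at new lines 1028 and 1050), and the `die('0')` at new line 1150 carries no comment saying why it differs from the `-1` it replaces. Consider a small shared helper for the page-key validation, with a one-line comment that 0 means invalid input and -1 is reserved for authentication/intention failures, so the three call sites stay consistent in later edits.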