Changeset 18663

Timestamp:

09/12/2011 09:48:44 PM (14 years ago)

Author:

nacin

Message:

Loosen validation regex to use sanitize_key() in a few AJAX locations for things like pages, orders, columns. Change return value to 0 for failure, as -1 is reserved for authentication/intention. props ocean90, azaozz, fixes #18637.

File:

• trunk/wp-admin/admin-ajax.php (modified) (3 diffs)

trunk/wp-admin/admin-ajax.php

@@ -1026 +1026 @@
     $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
 
-    if ( !preg_match( '/^[a-z_-]+$/', $page ) )
-        die('-1');
+    if ( $page != sanitize_key( $page ) )
+        die('0');
 
     if ( ! $user = wp_get_current_user() )
@@ -1048 +1048 @@
     $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
 
-    if ( !preg_match( '/^[a-z_-]+$/', $page ) )
-        die('-1');
+    if ( $page != sanitize_key( $page ) )
+        die('0');
 
     if ( ! $user = wp_get_current_user() )
@@ -1147 +1147 @@
     $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
 
-    if ( !preg_match( '/^[a-z_-]+$/', $page ) )
-        die('-1');
+    if ( $page != sanitize_key( $page ) )
+        die('0');
 
     if ( ! $user = wp_get_current_user() )