WordPress.org

Make WordPress Core


Ignore:
Timestamp:
10/22/2020 02:40:06 AM (12 months ago)
Author:
peterwilsoncc
Message:

XML-RPC: Fix length validation of anonymous commenter's email address.

Fix the first step of validating an anonymous commenters in which the length is checked prior to running regular expressions.

Follow up to [47808].
Fixes #51595.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-xmlrpc-server.php

    r49183 r49271  
    39143914
    39153915            if ( get_option( 'require_name_email' ) ) {
    3916                 if ( strlen( $comment['comment_author_email'] < 6 ) || '' === $comment['comment_author'] ) {
     3916                if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) {
    39173917                    return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
    39183918                } elseif ( ! is_email( $comment['comment_author_email'] ) ) {
Note: See TracChangeset for help on using the changeset viewer.