Changeset 49273 for branches/5.5/src/wp-includes/class-wp-xmlrpc-server.php

Timestamp:

10/22/2020 02:45:47 AM (4 years ago)

Author:

peterwilsoncc

Message:

XML-RPC: Fix length validation of anonymous commenter's email address.

Fix the first step of validating an anonymous commenters in which the length is checked prior to running regular expressions.

Follow up to [47808].
Merges [49271] to the 5.5 branch.
Fixes #51595.

Location:

branches/5.5

Files:

• . (modified) (1 prop)
• src/wp-includes/class-wp-xmlrpc-server.php (modified) (1 diff)

branches/5.5/src/wp-includes/class-wp-xmlrpc-server.php

@@ -3913 +3913 @@
 
             if ( get_option( 'require_name_email' ) ) {
-                if ( strlen( $comment['comment_author_email'] < 6 ) || '' === $comment['comment_author'] ) {
+                if ( strlen( $comment['comment_author_email'] ) < 6 || '' === $comment['comment_author'] ) {
                     return new IXR_Error( 403, __( 'Comment author name and email are required.' ) );
                 } elseif ( ! is_email( $comment['comment_author_email'] ) ) {