#34410 closed defect (bug) (invalid)
For validation of the $code: status_header
Reported by: | tmatsuur | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | HTTP API | Keywords: | |
Focuses: | Cc: |
Description
In version 4.4 beta1, the value of the code has not been validated.
I think that there is a possibility to issue the status of the invalid value in this source code.
I think that is better to check always the value of $code in get_status_header_desc function.
$_description = get_status_header_desc( $code ); if ( empty( $_description ) ) { return; } if ( ! $description ) { $description = $_description; }
Change History (2)
#1
follow-up:
↓ 2
@
9 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
- Version trunk deleted
#2
in reply to:
↑ 1
@
9 years ago
Replying to jeremyfelt:
Thanks for the report.
get_status_header_desc()
provides a default white list of status codes and descriptions unless (it appears) it is completely overridden by custom functionality. Anyone overriding this list would need to do so in its entirety and should then provide appropriate validation.
Thank you.
And I understand about this.
Note: See
TracTickets for help on using
tickets.
Thanks for the report.
get_status_header_desc()
provides a default white list of status codes and descriptions unless (it appears) it is completely overridden by custom functionality. Anyone overriding this list would need to do so in its entirety and should then provide appropriate validation.