WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#34410 closed defect (bug) (invalid)

For validation of the $code: status_header

Reported by: tmatsuur
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: HTTP API
Keywords:
Focuses:
Cc:
PR Number:

Description

In version 4.4 beta1, the value of the code has not been validated.
I think that there is a possibility of issuing a status with an invalid value in this source code.

I think that it is better to always check the value of $code in the get_status_header_desc function.

$_description = get_status_header_desc( $code );
if ( empty( $_description ) ) {
	return;
}

if ( ! $description ) {
	$description = $_description;
}

Change History (2)

#1 follow-up: @jeremyfelt
4 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version trunk deleted

Thanks for the report. get_status_header_desc() provides a default white list of status codes and descriptions unless (it appears) it is completely overridden by custom functionality. Anyone overriding this list would need to do so in its entirety and should then provide appropriate validation.

#2 in reply to: ↑ 1 @tmatsuur
4 years ago

Replying to jeremyfelt:

> Thanks for the report. get_status_header_desc() provides a default white list of status codes and descriptions unless (it appears) it is completely overridden by custom functionality. Anyone overriding this list would need to do so in its entirety and should then provide appropriate validation.

Thank you.
I understand this.
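
The difference between the behaviour the report describes and the check it proposes, as an added example that is not part of the ticket or of WordPress core. The function names and the abbreviated code list are hypothetical stand-ins, and the example assumes the unvalidated path is the one where the caller passes its own description.

```php
<?php
// Added illustration: simplified stand-ins, not WordPress core code.
// All function names and the shortened code list are hypothetical.

// Stand-in for a default list of status codes and descriptions.
function example_status_desc( $code ) {
	static $allowed = array(
		200 => 'OK',
		301 => 'Moved Permanently',
		404 => 'Not Found',
		500 => 'Internal Server Error',
	);
	$code = abs( (int) $code );
	return isset( $allowed[ $code ] ) ? $allowed[ $code ] : '';
}

// Assumed "before": a caller-supplied description skips the lookup,
// so the code is never compared against the list.
function example_status_line_unchecked( $code, $description = '' ) {
	if ( ! $description ) {
		$description = example_status_desc( $code );
	}
	if ( empty( $description ) ) {
		return null;
	}
	return 'HTTP/1.1 ' . abs( (int) $code ) . ' ' . $description;
}

// Reporter's proposal: always look the code up first, then let a
// custom description replace the default one.
function example_status_line_checked( $code, $description = '' ) {
	$_description = example_status_desc( $code );
	if ( empty( $_description ) ) {
		return null; // Unknown code: no status line is produced.
	}
	if ( ! $description ) {
		$description = $_description;
	}
	return 'HTTP/1.1 ' . abs( (int) $code ) . ' ' . $description;
}

// Constructed inputs: a listed code, a listed code with a custom
// description, an unlisted code, and a non-numeric value.
$cases = array( array( 404, '' ), array( 404, 'Gone Fishing' ), array( 999, 'Custom' ), array( 'abc', 'Custom' ) );
foreach ( $cases as $case ) {
	list( $code, $desc ) = $case;
	var_export( array( example_status_line_unchecked( $code, $desc ), example_status_line_checked( $code, $desc ) ) );
	echo "\n";
}
```

The two functions agree for listed codes and differ only when an unlisted or non-numeric code arrives together with a description.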
