Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#54748 closed defect (bug) (invalid)

Data Sanitizing Issue in wp-signup.php

Reported by: shyamavadukar's profile shyamavadukar Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch
Focuses: Cc:

Description

Hello WordPress Team,

I have seen that WordPress have issue in the Data Sanitinzing.

Envato has those standards for escaping, and validation. See the Data Sanitinzing link: https://developer.wordpress.org/themes/theme-security/data-sanitization-escaping/

In the WordPress 5.9 Beta Version. There is a Data Sanitinzing issue in file "wp-signup.php" in root folder. See the issue in the below screenshot.
https://prnt.sc/264e1mm

Kindly take a look on my request and fix it.

Thank you!

Attachments (2)

wp-signup.php.patch (492 bytes) - added by shyamavadukar 3 years ago.
wp-ds-issue.png (72.5 KB) - added by shyamavadukar 3 years ago.

Download all attachments as: .zip

Change History (4)

#1 @costdev
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version trunk deleted

Hi @shyamavadukar, thanks for opening this ticket and welcome to Trac!

These values are passed to wpmu_validate_user_signup(), ​which performs the sanitization using sanitize_user() and sanitize_email().

#2 @SergeyBiryukov
3 years ago

  • Component changed from General to Users
  • Summary changed from Data Sanitizing Issue to Data Sanitizing Issue in wp-signup.php
Note: See TracTickets for help on using tickets.