Opened 2 years ago
Last modified 2 years ago
#55855 new enhancement
In the wp-admin folder, the ajax-actions.php file has some unsanitized data issues.
Reported by: | smit08 | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Administration | Keywords: | needs-patch close |
Focuses: | | Cc: | |
Description
Path of file: wp-admin/includes/ajax-actions.php
In these files, there are some $_POST values used without being sanitized by filter_input. I think this should be solved.
I am adding some code below for reference.
$post_id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;
Attachments (1)
Change History (3)
I have solved the data sanitization in one place by using filter_input. Please review it, and if it is done the proper way then I will change it for the whole file.
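Added example (not part of the ticket, its attachment, or WordPress core): the cast quoted in the description next to a strict FILTER_VALIDATE_INT check, run over constructed inputs to show where coercion and validation differ. The function names and sample values are assumptions, and filter_var() on a plain array stands in for filter_input( INPUT_POST, ... ) so the script runs from the command line.

```php
<?php
// Added example: hypothetical helpers and constructed inputs, not WordPress code.

/** The pattern quoted in the ticket: coerce whatever arrives to an integer. */
function id_by_cast( array $post ): int {
	return isset( $post['post_ID'] ) ? (int) $post['post_ID'] : 0;
}

/** Strict alternative: accept only a positive decimal integer, otherwise 0. */
function id_by_filter( array $post ): int {
	if ( ! isset( $post['post_ID'] ) ) {
		return 0;
	}
	$id = filter_var(
		$post['post_ID'],
		FILTER_VALIDATE_INT,
		array( 'options' => array( 'min_range' => 1 ) )
	);
	// filter_var() returns false for anything that is not a clean integer,
	// including arrays, because no FILTER_REQUIRE_ARRAY flag is given.
	return false === $id ? 0 : $id;
}

// Constructed sample request bodies standing in for $_POST.
$samples = array(
	'plain id'      => array( 'post_ID' => '42' ),
	'trailing text' => array( 'post_ID' => '42abc' ),
	'negative'      => array( 'post_ID' => '-7' ),
	'array value'   => array( 'post_ID' => array( '7', '9' ) ),
	'missing key'   => array(),
);

foreach ( $samples as $label => $post ) {
	printf(
		"%-14s cast=%-3d filter=%d\n",
		$label,
		id_by_cast( $post ),
		id_by_filter( $post )
	);
}
// Both helpers always return an int, so the result is type-safe either way.
// The cast keeps a leading number ('42abc' becomes 42), keeps the sign
// ('-7' becomes -7) and turns a non-empty array into 1 in current PHP
// versions; the filter rejects all three and falls back to 0.
```

Whichever form is used, the returned ID still has to pass the usual existence and capability checks before the handler acts on it.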