Make WordPress Core

Opened 3 months ago

Last modified 2 months ago

#60470 new enhancement

Use `filter_input` instead of superglobals where possible

Reported by: kkmuffme's profile kkmuffme Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Security Keywords:
Focuses: Cc:

Description

The $_SERVER, $_GET, and $_POST variables are inherently unsafe and shouldn't be used, as they can be modified in userland.

filter_input should be used instead - for cases where there is no appropriate sanitizing available the FILTER_CALLBACK flag can be used with the WP sanitizing function, e.g. FILTER_CALLBACK

Change History (3)

#2 @kkmuffme
2 months ago

This isn't really related, is it? (very, very tangentially at best)

---

Using filter_input would also finally provide a pathway out of the useless unslashing, bc the data from filter_input isn't corrupted by WP's unnecessary slashing of superglobals in the first place.

#3 @kkmuffme
2 months ago

As of PHP 8 any disabled functions aren't included in the functions table and can be overwritten by a userland function - WP could define filter_input if it doesn't exist in those cases (https://php.watch/versions/8.0/disable_functions-redeclare)
Which would make the argument that some servers don't have filter_ functions enabled redundant too.
As soon as WP raises the minimum to PHP 8, this is definitely the way to go I'd say?

Note: See TracTickets for help on using tickets.