Make WordPress Core

Opened 3 weeks ago

Last modified 3 weeks ago

#62477 new defect (bug)

Do not use $_POST['action'] in the sanitize function.

Reported by: nikitasolanki1812
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: General
Keywords: has-patch
Focuses: coding-standards
Cc:

Description

https://prnt.sc/1LYAES3IjYj0

wp-admin\includes\ajax-actions.php

Attachments (1)

62477.2.patch (1.8 KB) - added by jigar bhanushali 3 weeks ago.


Change History (3)

#1 @im3dabasia1
3 weeks ago

This ticket was mentioned in PR #7839 on WordPress/wordpress-develop by @im3dabasia1.

Trac ticket: https://core.trac.wordpress.org/ticket/62477

### Description:
Sanitize $_POST['action'] in _wp_ajax_add_hierarchical_term to enhance security.

#2 @jigar bhanushali
3 weeks ago

I have added an improved version of the previous patch. I hope this works well.

  • Fixed missing sanitization in other areas.
  • Eliminated redundant isset checks for the same variable.
  • Removed unnecessary variable casting for $post_category as it is already handled in the condition.