Make WordPress Core

Opened 27 hours ago

Last modified 27 hours ago

#65054 assigned defect (bug)

$_GET['pagenow'] and $_GET['widget'] unsanitized in dashboard AJAX handler

Reported by: rajeshcp Owned by: rajeshcp
Milestone: Awaiting Review Priority: normal
Severity: major Version: trunk
Component: Security Keywords: has-patch needs-testing
Focuses: Cc:

Description

$_GET['pagenow'] and $_GET['widget'] unsanitized in dashboard AJAX handler

Both values are read directly without sanitize_key(). While the switch/comparison limits damage, unsanitized superglobal access violates WordPress coding standards unconditionally.
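To illustrate the pattern the ticket describes, here is an added example that is not WordPress core code: a hypothetical dashboard AJAX handler (the function names and the `dashboard_primary` widget name are assumptions) reading `$_GET['pagenow']` and `$_GET['widget']` raw, beside the form that checks presence, unslashes and passes both through `sanitize_key()` before the comparison. The `sanitize_key()` and `wp_unslash()` stand-ins follow core's behaviour and are only defined when WordPress is not loaded, so the script runs from the PHP CLI.

```php
<?php
// Added example, not WordPress core code: a hypothetical dashboard AJAX handler
// showing the raw $_GET reads the ticket reports beside the sanitize_key() form.
// Runs stand-alone: the stand-ins below are defined only when WordPress is absent.

if ( ! function_exists( 'sanitize_key' ) ) {
	// Same rule as core's sanitize_key(): lowercase, keep only a-z, 0-9, '_', '-'.
	function sanitize_key( $key ) {
		return preg_replace( '/[^a-z0-9_\-]/', '', strtolower( (string) $key ) );
	}
}
if ( ! function_exists( 'wp_unslash' ) ) {
	function wp_unslash( $value ) {
		return is_string( $value ) ? stripslashes( $value ) : $value;
	}
}

// BEFORE (pattern reported in the ticket): superglobals read directly.
// The switch rejects unknown names, but the raw strings are used untreated
// and a missing parameter raises an undefined-index warning.
function dashboard_widget_before() {
	$pagenow = $_GET['pagenow'];
	$widget  = $_GET['widget'];
	switch ( $widget ) {
		case 'dashboard_primary':
			return "render {$widget} on {$pagenow}";
		default:
			return 'unknown widget';
	}
}

// AFTER: check presence, unslash, then sanitize_key() before any comparison.
function dashboard_widget_after() {
	$pagenow = isset( $_GET['pagenow'] ) ? sanitize_key( wp_unslash( $_GET['pagenow'] ) ) : '';
	$widget  = isset( $_GET['widget'] ) ? sanitize_key( wp_unslash( $_GET['widget'] ) ) : '';
	switch ( $widget ) {
		case 'dashboard_primary':
			return "render {$widget} on {$pagenow}";
		default:
			return 'unknown widget';
	}
}

// Constructed request for the CLI: mixed case and a stray '.' that
// sanitize_key() strips, so only the hardened handler matches the widget.
$_GET = array( 'pagenow' => 'Index.PHP', 'widget' => 'Dashboard_Primary' );
echo dashboard_widget_before(), PHP_EOL;
echo dashboard_widget_after(), PHP_EOL;
```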

Change History (1)

This ticket was mentioned in PR #11540 on WordPress/wordpress-develop by @rajeshcp.

27 hours ago
#1

$_GET['pagenow'] and $_GET['widget'] unsanitized in dashboard AJAX handler

Both values are read directly without sanitize_key(). While the switch/comparison limits damage, unsanitized superglobal access violates WordPress coding standards unconditionally.

Trac ticket: https://core.trac.wordpress.org/ticket/65054
Fixes #65054

## Use of AI Tools
