$_REQUEST['term'] used unsanitized in user search query #11530
rajeshcpr wants to merge 1 commit into WordPress:trunk from
User-supplied search term is concatenated directly into the get_users() search argument without sanitize_text_field() or wp_unslash().
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the

Unlinked Accounts

The following contributors have not linked their GitHub and WordPress.org accounts: @rajeshcpr. Contributors, please read how to link your accounts to ensure your work is properly credited in WordPress releases. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook.
| ) | ||
| ) : array() ); | ||
| $term = isset( $_REQUEST['term'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['term'] ) ) : ''; |
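Review bot: the hunk shows only the new `$term` assignment, not the line that builds the get_users() search argument that the description says was consuming the raw value; include that consumer in the diff context so review can confirm the sanitized `$term` replaces every remaining use of `$_REQUEST['term']` rather than leaving one raw use behind. The call order itself is right: wp_unslash() runs on the raw request value first and sanitize_text_field() then operates on the unslashed string, with `''` as the fallback when the parameter is absent.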
Since the only fields are 'user_login', 'user_nicename', and 'user_email', it is unlikely that there would have been any characters which would have been slashed.
| ) | ||
| ) : array() ); | ||
| $term = isset( $_REQUEST['term'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['term'] ) ) : ''; |
If $term is an empty string, shouldn't this function short-circuit with wp_die( -1 )?
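As an added illustration, not code from this PR or from WordPress core, of how the sanitized `$term` from the hunk and the empty-term short-circuit suggested above fit together in an admin-ajax handler; the function name, the capability check and the `number` limit are assumptions, while the three search columns are the ones named in the first review comment:

```php
<?php
// Added example, not the PR's code. Hypothetical handler name; the capability
// check and the result limit are assumptions, not something this PR adds.
function example_ajax_user_search() {
    // Assumed: only users allowed to list users may drive this search.
    if ( ! current_user_can( 'list_users' ) ) {
        wp_die( -1 );
    }

    // From the hunk: unslash the raw request value first, then sanitize it;
    // an absent parameter yields the empty string.
    $term = isset( $_REQUEST['term'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['term'] ) ) : '';

    // Review suggestion: an empty term means nothing to search for, so stop
    // here instead of handing a wildcard-only search to get_users().
    if ( '' === $term ) {
        wp_die( -1 );
    }

    // The sanitized value is the only thing that reaches the search argument;
    // the surrounding '*' are WP_User_Query's leading/trailing wildcards.
    $users = get_users(
        array(
            'search'         => '*' . $term . '*',
            'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ),
            'number'         => 20, // assumed cap on the autocomplete result set
        )
    );

    $results = array();
    foreach ( $users as $user ) {
        $results[] = array(
            'id'    => $user->ID,
            'login' => $user->user_login,
        );
    }

    wp_send_json( $results );
}
```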
User-supplied search term is concatenated directly into the get_users() search argument without sanitize_text_field() or wp_unslash().
Trac ticket: https://core.trac.wordpress.org/ticket/65051
Fixes #65051
This Pull Request is for code review only. Please keep all other discussion in the Trac ticket. Do not merge this Pull Request. See GitHub Pull Requests for Code Review in the Core Handbook for more details.