
Changeset 2835253


Timestamp:
12/16/2022 08:21:09 PM (3 years ago)
Author:
infracontentools
Message:

Remove sanitize from password

File:
1 edited

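--- a/wp-contentools/tags/3.1.0/includes/class-contentools-rest.php
+++ b/wp-contentools/tags/3.1.0/includes/class-contentools-rest.php
@@ -209,5 +209,5 @@
         );
 
-        header((isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0') . ' ' . $status . ' ' . $statuses[$status]);
+        header((isset($_SERVER['SERVER_PROTOCOL']) ? sanitize_text_field($_SERVER['SERVER_PROTOCOL']) : 'HTTP/1.0') . ' ' . $status . ' ' . $statuses[$status]);
 
         header('Content-Type:application/json; charset=UTF-8');
@@ -254,13 +254,15 @@
         }
 
+        $php_auth_user = sanitize_user($_SERVER['PHP_AUTH_USER']);
+
         if (!isset($_SERVER['PHP_AUTH_USER']) && (isset($_SERVER['HTTP_AUTHORIZATION']) || isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))) {
 
             if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
 
-                $header = $_SERVER['HTTP_AUTHORIZATION'];
+                $header = sanitize_text_field($_SERVER['HTTP_AUTHORIZATION']);
 
             } else {
 
-                $header = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
+                $header = sanitize_text_field($_SERVER['REDIRECT_HTTP_AUTHORIZATION']);
 
             }
@@ -268,5 +270,5 @@
             if (!empty($header)) {
 
-                list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($header, 6)));
+                list($php_auth_user, $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($header, 6)));
 
             }
@@ -281,5 +283,5 @@
         }
 
-        $username = $_SERVER['PHP_AUTH_USER'];
+        $username = $php_auth_user;
         $password = $_SERVER['PHP_AUTH_PW'];
 
@@ -651,5 +653,5 @@
 
         if (isset($_POST["author"])) {
-            $attachment['post_author'] = intval($_POST['author']);
+            $attachment['post_author'] = sanitize_key($_POST['author']);
         }
 
@@ -669,5 +671,5 @@
 
         if (isset($_POST["post"])) {
-            $attachment['post_parent'] = intval($_POST['post']) || null;
+            $attachment['post_parent'] = sanitize_key($_POST['post']);
         }
 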
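Review bot: In the second hunk, `$php_auth_user = sanitize_user($_SERVER['PHP_AUTH_USER']);` is evaluated before the `!isset($_SERVER['PHP_AUTH_USER'])` test two lines below it, so on a deployment that only exposes HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION the key is absent and every request raises an undefined-array-key warning while passing null to sanitize_user(); guard it, `$php_auth_user = isset($_SERVER['PHP_AUTH_USER']) ? sanitize_user($_SERVER['PHP_AUTH_USER']) : '';`. The Authorization-header path in the third hunk then assigns `$php_auth_user` straight from the decoded header without sanitize_user(), so the same credentials presumably resolve to different usernames depending on which server variable delivered them; both paths should apply the same normalisation, or neither, before the credential check. That same line splits with `explode(':', base64_decode(substr($header, 6)))` and no limit, so a password containing a colon is truncated and a value with no colon leaves list() one element short; use `explode(':', base64_decode(substr($header, 6)), 2)` and check the count before destructuring. The enclosing function starts before the first hunk and ends after the fourth.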