• Resolved cmht

    (@eightsages)


    Hi,

    Our security plugin (Defender Pro v2.1.4) has highlighted suspicious code in DataBuilder.php in Rank Math v1.0.35.3:

    The function extract line 692 column 13 execute using unsanitize user inputs:
    extract($this->parseForwardedString($_SERVER['HTTP_FORWARDED']));

    The function extract line 717 column 13 execute using unsanitize user inputs:
    extract($this->parseForwardedString($_SERVER['HTTP_FORWARDED']));

    Should we be concerned about these?

    Thanks

    Chris

Viewing 1 replies (of 1 total)
  • Plugin Author Rank Math SEO

    (@rankmath)

    Hello @eightsages

    Thank you for contacting the support.

    The warning is about the extract function used in the plugin, and sometimes these security plugins warn if they think that the sanitization is not done properly around it.

    You can safely ignore that warning as we have done proper sanitization in the plugin around that code.

    Hope that helps. If you have any further question(s), please let us know.


The topic ‘Suspicious code in DataBuilder.php’ is closed to new replies.
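
Why scanners flag this pattern, as an added example (it is not Rank Math's code and makes no claim about how its parseForwardedString behaves): extract() defaults to EXTR_OVERWRITE, so whether the call is safe depends on whether the parser constrains the array keys it returns. The function names, the $isTrusted variable and the sample header value are assumptions made up for illustration.

```php
<?php
// Hypothetical, simplified parser for one Forwarded header element
// ("for=...;proto=...;by=..."). Keys are taken from the request as-is.
function parseForwarded(string $header): array
{
    $out = [];
    foreach (explode(';', $header) as $pair) {
        [$k, $v] = array_pad(explode('=', trim($pair), 2), 2, '');
        $k = trim($k);
        if ($k !== '') {
            $out[$k] = trim($v, " \"");
        }
    }
    return $out;
}

// The flagged shape: extract() on request-derived data. Any key the parser
// lets through becomes a local variable and replaces one that already exists.
function clientInfoLoose(string $header): array
{
    $isTrusted = false;
    extract(parseForwarded($header)); // EXTR_OVERWRITE is the default flag
    return ['for' => $for ?? null, 'proto' => $proto ?? 'http', 'trusted' => $isTrusted];
}

// Reviewable shape: keep only the RFC 7239 parameter names, then read them
// explicitly, so no request-chosen name can reach the local scope.
function clientInfoStrict(string $header): array
{
    $isTrusted = false;
    $allowed = array_flip(['for', 'by', 'host', 'proto']);
    $p = array_intersect_key(
        array_change_key_case(parseForwarded($header), CASE_LOWER),
        $allowed
    );
    return ['for' => $p['for'] ?? null, 'proto' => $p['proto'] ?? 'http', 'trusted' => $isTrusted];
}

// Constructed sample value carrying one parameter name outside RFC 7239.
$sample = 'for=192.0.2.60;proto=https;isTrusted=1';
var_dump(clientInfoLoose($sample)['trusted'] === $isTrustedDefault = false);
var_dump(clientInfoStrict($sample)['trusted'] === false);
```

When reviewing a finding like the one above, the thing to confirm in the flagged file is the same distinction: either the parser returns a fixed set of keys, or the extract() call passes a flag such as EXTR_SKIP or EXTR_PREFIX_ALL.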