Missing wp_unslash() before sanitization called on intval() #426

Closed
paulschreiber opened this issue Aug 25, 2015 · 2 comments

@paulschreiber
Contributor

This code:

```php
get_permalink( intval( $_POST['id'] ) );
```

generates a "Missing wp_unslash() before sanitization" error.

I can see that making sense before sanitize_text_field(), but it seems unnecessary before intval().

@westonruter
Member

Unnecessary, true. But I think it is also good to make such a rule global to avoid having to second guess.

Nevertheless, it shouldn't be too hard to add exceptions to the wp_unslash requirement when the input var is being passed through intval() and boolval().

JDGrimes added a commit that referenced this issue Aug 25, 2015
They implicitly unslash the data passed to them, so it doesn't need to be put through `wp_unslash()` as well.

Fixes #426
@JDGrimes JDGrimes added this to the 0.7.0 milestone Aug 25, 2015
@JDGrimes
Contributor

We already do this for absint() and some other similar functions. I've opened #427, which adds these functions to that list.

@JDGrimes JDGrimes self-assigned this Aug 25, 2015
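
Added example, not part of the issue thread or the WPCS code base: a stand-alone PHP script showing why the slashes WordPress adds to `$_POST` cannot change the result of `intval()`, while they do change text that is sanitized as a string. `demo_slash()`, `demo_unslash()` and `compare_casts()` are hypothetical helpers standing in for WordPress's slashing and `wp_unslash()`, and the sample inputs are constructed.

```php
<?php
// Added illustration; not WordPress or WPCS code.
// WordPress slashes $_POST on load (addslashes() on each string) and
// wp_unslash() reverses it with stripslashes(). The two helpers below are
// hypothetical stand-ins so the script runs without WordPress.

function demo_slash( string $value ): string {
	return addslashes( $value );
}

function demo_unslash( string $value ): string {
	return stripslashes( $value );
}

/**
 * Compare the integer cast and the text value with and without unslashing.
 */
function compare_casts( string $raw ): array {
	$slashed   = demo_slash( $raw );        // what the handler reads from $_POST
	$unslashed = demo_unslash( $slashed );  // what wp_unslash() would hand back

	return array(
		'int_same'  => intval( $slashed ) === intval( $unslashed ),
		'text_same' => $slashed === $unslashed,
	);
}

// Constructed sample inputs.
$samples = array( '42', ' 42abc', "7' OR '1'='1", "O'Reilly", '\\9', '' );

foreach ( $samples as $raw ) {
	$result = compare_casts( $raw );
	printf(
		"%-18s intval unaffected: %-3s text unaffected: %s\n",
		var_export( $raw, true ),
		$result['int_same'] ? 'yes' : 'no',
		$result['text_same'] ? 'yes' : 'no'
	);
}
```

Slashing only inserts backslashes before quotes, backslashes and NUL bytes, never before digits, so the leading numeric part that `intval()` reads is identical either way; any value containing a quote or backslash differs as text until it is unslashed.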