mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 01:27:36 +01:00
Loosen validation regex to use sanitize_key() in a few AJAX locations for things like pages, orders, columns. Change return value to 0 for failure, as -1 is reserved for authentication/intention. props ocean90, azaozz, fixes #18637.
git-svn-id: http://svn.automattic.com/wordpress/trunk@18663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
feb2ba5831
commit
c9301a30be
@ -1025,8 +1025,8 @@ case 'closed-postboxes' :
|
||||
|
||||
$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
|
||||
|
||||
if ( !preg_match( '/^[a-z_-]+$/', $page ) )
|
||||
die('-1');
|
||||
if ( $page != sanitize_key( $page ) )
|
||||
die('0');
|
||||
|
||||
if ( ! $user = wp_get_current_user() )
|
||||
die('-1');
|
||||
@ -1047,8 +1047,8 @@ case 'hidden-columns' :
|
||||
$hidden = explode( ',', $_POST['hidden'] );
|
||||
$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
|
||||
|
||||
if ( !preg_match( '/^[a-z_-]+$/', $page ) )
|
||||
die('-1');
|
||||
if ( $page != sanitize_key( $page ) )
|
||||
die('0');
|
||||
|
||||
if ( ! $user = wp_get_current_user() )
|
||||
die('-1');
|
||||
@ -1146,8 +1146,8 @@ case 'meta-box-order':
|
||||
|
||||
$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
|
||||
|
||||
if ( !preg_match( '/^[a-z_-]+$/', $page ) )
|
||||
die('-1');
|
||||
if ( $page != sanitize_key( $page ) )
|
||||
die('0');
|
||||
|
||||
if ( ! $user = wp_get_current_user() )
|
||||
die('-1');
|
||||
|
Loading…
Reference in New Issue
Block a user