Making WordPress.org


Timestamp:
05/27/2021 12:42:54 AM (4 years ago)
Author:
dd32
Message:

Translations API: Harden the API against invalid input.

This prevents PHP Warnings and hopefully will flag to users of the API when they call it incorrectly.

File:
1 edited

  • sites/trunk/api.wordpress.org/public_html/translations/core/1.0/index.php

    r1833 r10998  
    88wp_cache_init();
    99
    10 $version = isset( $_REQUEST['version'] ) ? str_replace( '-src', '', $_REQUEST['version'] ) : WP_CORE_LATEST_RELEASE;
     10$version = WP_CORE_LATEST_RELEASE;
     11if ( isset( $_REQUEST['version'] ) ) {
     12    $version = $_REQUEST['version'];
     13    if ( ! is_string( $version ) || ! is_numeric( $version[0] ) ) {
     14        header( $_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request' );
     15        die( '?version= must be a valid WordPress version' );
     16    }
     17
     18    $version = str_replace( '-src', '', $version );
     19}
    1120
    1221$translations = find_all_translations_for_core( $version );
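
Review bot: the check on new line 13 reads `$version[0]` without first confirming the string is non-empty, so an empty `?version=` still raises an uninitialized string offset notice or warning (depending on PHP version) before the 400 is sent, which is the class of noise this change sets out to remove. It also validates only the first character, so everything after the leading digit reaches `find_all_translations_for_core()` unchecked. Consider rejecting the empty string explicitly and matching the whole value against the expected version format with an anchored pattern, applied after the `-src` suffix is stripped on new line 18.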