Making WordPress.org


Ignore:
Timestamp:
05/27/2021 12:42:54 AM (4 years ago)
Author:
dd32
Message:

Translations API: Harden the API against invalid input.

This prevents PHP Warnings and hopefully will flag to users of the API when they call it incorrectly.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/api.wordpress.org/public_html/translations/plugins/1.0/index.php

    r811 r10998  
    88wp_cache_init();
    99
    10 $slug = isset( $_REQUEST['slug'] ) ? $_REQUEST['slug'] : '';
     10$slug    = isset( $_REQUEST['slug'] )    ? $_REQUEST['slug']    : '';
    1111$version = isset( $_REQUEST['version'] ) ? $_REQUEST['version'] : null;
     12
     13foreach ( [ 'slug', 'version' ] as $field ) {
     14    if ( $$field && ! is_string( $$field ) ) {
     15        header( $_SERVER['SERVER_PROTOCOL'] . ' 400 Bad Request' );
     16        die( "?{$field}= invalid." );
     17    }
     18}
    1219
    1320$translations = find_all_translations_for_type_and_domain( 'plugin', $slug, $version );
Note: See TracChangeset for help on using the changeset viewer.