Changeset 11381 for sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-readme-validator.php

Timestamp:

12/16/2021 04:21:13 AM (3 years ago)

Author:

dd32

Message:

Plugin Directory: Readme Validator: Protect inputs against vulnerability scanners sending junk inputs.

File:

• sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-readme-validator.php (modified) (2 diffs)

sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/shortcodes/class-readme-validator.php

@@ -18 +18 @@
             }
 
-            $readme_url      = $_REQUEST['readme'] ?? '';
-            $readme_contents = $_POST['readme_contents'] ?? '';
-            $readme_contents = base64_decode( wp_unslash( $readme_contents ) );
+            $readme_url      = '';
+            $readme_contents = '';
+            if ( ! empty( $_REQUEST['readme'] ) && is_string( $_REQUEST['readme'] ) ) {
+                $readme_url = $_REQUEST['readme'];
+            }
+            if ( ! empty( $_POST['readme_contents'] ) && is_string( $_POST['readme_contents'] ) ) {
+                $readme_contents = base64_decode( wp_unslash( $_POST['readme_contents'] ) );
+            }
             ?>
 
@@ -59 +64 @@
      */
     protected static function validate_readme() {
-        if ( ! empty( $_REQUEST['readme'] ) ) {
+        if ( ! empty( $_REQUEST['readme'] ) && is_string( $_REQUEST['readme'] ) ) {
             $errors = Validator::instance()->validate_url( wp_unslash( $_REQUEST['readme'] ) );
 
-        } elseif ( ! empty( $_POST['readme_contents'] ) ) {
+        } elseif ( ! empty( $_POST['readme_contents'] ) && is_string( $_POST['readme_contents'] ) ) {
             $errors = Validator::instance()->validate_content( base64_decode( wp_unslash( $_REQUEST['readme_contents'] ) ) );