

Timestamp:
07/24/2025 01:38:04 AM (9 months ago)
Author:
dd32
Message:

API: Trac helpers: Avoid fatals with invalid inputs.

File:
1 edited

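--- a/sites/trunk/api.wordpress.org/public_html/dotorg/trac/oembed/index.php
+++ b/sites/trunk/api.wordpress.org/public_html/dotorg/trac/oembed/index.php
@@ -25,5 +25,6 @@
 header( 'X-WP-Embed: true' );
 
-$url = wp_unslash( $_REQUEST['url'] ?? '' );
+$url = $_REQUEST['url'] ?? '';
+$url = is_string( $url ) ? wp_unslash( $url ) : '';
 
 header( 'Allow: GET' );
@@ -31,8 +32,9 @@
 
 if (
+    ! $url ||
+    'GET' !== $_SERVER['REQUEST_METHOD'] ||
     // meta|core are the only tracs embedable.
     // milestone|ticketgraph|ticket|changeset are the only endpoints allowable.
-    ! preg_match( '!^(?P<baseurl>https://(?P<trac>meta|core).trac.wordpress.org/)(?P<type>milestone|ticketgraph|ticket|changeset|query)([/?]|$)!i', $url, $m ) ||
-    'GET' !== $_SERVER['REQUEST_METHOD']
+    ! preg_match( '!^(?P<baseurl>https://(?P<trac>meta|core).trac.wordpress.org/)(?P<type>milestone|ticketgraph|ticket|changeset|query)([/?]|$)!i', $url, $m )
 ) {
     header( 'HTTP/1.1 404 Not Found', true, 404 );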
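Review bot: The host part of the pattern on the new `preg_match` line leaves its dots unescaped (`(meta|core).trac.wordpress.org`), so each `.` matches any character and the allow-list is looser than the comment above it states; a hostname that only resembles the Trac host can pass and be captured as `baseurl`. Escaping them closes that gap: `https://(?P<trac>meta|core)\.trac\.wordpress\.org/`. The commit only moves this line, and the code that consumes `$m['baseurl']` lies outside the hunk, so whether a loose match reaches a server-side request or an embedded link is an inference to confirm. The comment above the pattern also omits `query`, which the alternation accepts, so it should read `// milestone|ticketgraph|ticket|changeset|query are the only endpoints allowable.`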