

Timestamp:
05/01/2020 02:48:37 AM (5 years ago)
Author:
dd32
Message:

Bad Request: Block invalid submissions to the Jetpack Subscription Widget.

See https://github.com/Automattic/jetpack/pull/15638

File:
1 edited

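--- a/sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
+++ b/sites/trunk/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
@@ -70,4 +70,20 @@
 
 /**
+ * Detect invalid parameters being passed to the Jetpack Subscription widget.
+ *
+ * @see https://github.com/Automattic/jetpack/pull/15638
+ */
+add_action( 'template_redirect', function() {
+    if (
+        isset( $_REQUEST['action'], $_REQUEST['email'], $_REQUEST['redirect_fragment'] )
+        && 'subscribe' === $_REQUEST['action']
+    ) {
+        if ( ! is_string( $_REQUEST['email'] ) || ! is_string( $_REQUEST['redirect_fragment'] ) ) {
+            die_bad_request( "non-scalar input to Jetpack Subscribe widget" );
+        }
+    }
+}, 9 );
+
+/**
  * Die with a 400 Bad Request.
  *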
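Review bot: The type check at new lines 78–82 only runs when `redirect_fragment` is also present, so a request carrying `action=subscribe` and an array-valued `email` but no `redirect_fragment` is not rejected here and reaches the widget; if Jetpack's handler treats `redirect_fragment` as optional (not verifiable from this hunk), the outer condition should require only `isset( $_REQUEST['action'], $_REQUEST['email'] )` and the inner check should test the fragment conditionally, `( isset( $_REQUEST['redirect_fragment'] ) && ! is_string( $_REQUEST['redirect_fragment'] ) )`. The priority `9` on the closing line is presumably chosen to run ahead of Jetpack's own `template_redirect` handler; a short comment such as `// Priority 9: run before Jetpack's subscription handler (default priority 10) — confirm.` would record that intent. The message passed to `die_bad_request()` contains no interpolation, so single quotes would follow the WordPress convention for plain strings. `die_bad_request()` itself is defined below this hunk, outside the shown lines.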