WordPress.org

Making WordPress.org

#2869 closed enhancement (fixed)

$_POST does not check on existing keys in sponsor info

Reported by: davidmosterd Owned by: coreymckrill
Milestone: Priority: low
Component: WordCamp Site & Plugins Keywords: good-first-bug has-patch
Cc:

Description

The sponsor invoice info is submitted and only checked on a few nonce and single post field. In theory certain $_POST keys could not be present. Although this would only trigger a notice, it might be better to use PHP's native filter_input mechanism.

The function is save_post_sponsor in the WordCamp_Post_Types_Plugin class.

Attachments (2)

2869.meta.diff (1.5 KB) - added by davidmosterd 22 months ago.
Initial patch using filter_input
2869.meta.2.diff (1.9 KB) - added by davidmosterd 22 months ago.
code standards and small readable fix on variable name

Download all attachments as: .zip

Change History (6)

#1 @SergeyBiryukov
22 months ago

  • Component changed from General to WordCamp Site & Plugins

#2 @coreymckrill
22 months ago

  • Keywords good-first-bug added
  • Owner set to coreymckrill
  • Priority changed from lowest to low
  • Status changed from new to accepted

@davidmosterd
22 months ago

Initial patch using filter_input

@davidmosterd
22 months ago

code standards and small readable fix on variable name

#3 @davidmosterd
22 months ago

  • Keywords has-patch added; needs-patch removed

Could of course be applied to the entire class/ plugin, if we decide this is the right way to go I can go through the rest of the code as well.

#4 @coreymckrill
22 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 5568:

WordCamp Post Types: Avoid notices for missing $_POST keys

Use filter_input to ensure that $_POST keys exist before calling
their values. This function isn't used anywhere in Core because of
PHP compatibility issues, but it shouldn't cause an issue on
WordCamp.org.

Props davidmosterd
Fixes #2869

Note: See TracTickets for help on using tickets.