Skip to content

Add missing sanitization to image editing requests #689

New issue
New issue
Closed
#690
Closed
Add missing sanitization to image editing requests#689
#690
Labels
[Plugin] Modern Image FormatsIssues for the Modern Image Formats plugin (formerly WebP Uploads)[Plugin] Performance LabIssue relates to work in the Performance Lab Plugin only[Type] BugAn existing feature is broken
Milestone
2.2.0
@felixarntz

Description

@felixarntz
felixarntz
opened on Mar 27, 2023

Bug Description

The $_REQUEST['target'] parameter used in the image editing compatibility logic for WebP is not being sanitized. Since it is only used in string comparison, this is not actual a security flaw, but we should still sanitize it for good measure.

I would suggest we use sanitize_key() on those occurrences, since the parameter is essentially just used with lowercase "identifiers" to represent a certain target.

Metadata

Metadata

Assignees

No one assigned

    Labels

    [Plugin] Modern Image FormatsIssues for the Modern Image Formats plugin (formerly WebP Uploads)[Plugin] Performance LabIssue relates to work in the Performance Lab Plugin only[Type] BugAn existing feature is broken

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions