Quantcast
Channel: admin — WordPress Plugins
Viewing all articles
Browse latest Browse all 2035

Necessary-tools

$
0
0

Emailed Author: There are issues with your plugin code. Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in your plugin being rejected.

## Please sanitize and validate your POST calls

You are not properly sanitizing your POST/GET/REQUEST calls.

All instances where $_POST data is inserted into the database, or into a file, MUST be properly sanitized for security. This also holds true for $_REQUEST calls that are processed. In addition, by sanitizing your POST data when used to make action calls or URL redirects, you will lessen the possibility of XSS vulnerabilities.

Using stripslashes is not enough, you need to use the Input Validation methods, or things similar, to protect your plugin. The ultimate goal is that you should ensure that invalid data is NEVER processed.

Please review this document and update your code accordingly: http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data

$post_id = $_POST['post_id'];
$post_type = $_POST['post_type'];
$post_data = get_post( $post_id, ARRAY_A );
$post_custom = get_post_custom( $post_id );

You're not sanitizing that before poking the database.

----

Please make sure you've addressed ALL issues brought up in this email. When you've corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review. If you have questions, concerns, or need clarification, please reply to this email and just ask us.


Viewing all articles
Browse latest Browse all 2035

Trending Articles