• Resolved hsrob

    (@hsrob)


    Hi, I have received a warning message from the WPMU defender plugin that your flexible check out fields plugin has a potential vulnerability and I should check with the developer.

    It does say it is just a warning in case and that it could be totally fine but I wanted to check to be sure.

    The issue flagged is as follows…

    File Location: /wp-content/plugins/flexible-checkout-fields/classes/filed-validation.php

    Found 1 issues.

    The function call_user_func line 46 column 6 execute using unsanitize user inputs.

    The line in question is…

    call_user_func( $custom_validations[$field['validation']]['callback'], $field['label'], $_POST[$field_key] );

    Could you please confirm that this is as it should be or let me know what the solution is.

    Many thanks

    Rob

Viewing 5 replies - 1 through 5 (of 5 total)
  • Hi,

    I will pass on this problem to programmers. If there are any arrangements, I will let you know.

    Thread Starter hsrob

    (@hsrob)

    Thank you, please let me know if all is ok when they get back to you and I will then whitelist.

    Thank you for your help in this.

    Cheers

    Rob

    Plugin Contributor dyszczo

    (@dyszczo)

    Hi,

    The line in consideration concerns validation, so unsanitized input is not a problem and I can confirm that you can whitelist it in the Defender. Despite that, we will change the code so the Defender won’t whine anymore.

    Best regards,
    dyszczo
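
An added example, not part of the thread and not the plugin's code: in the flagged line the callable is looked up in `$custom_validations` and the `$_POST` value is only passed to it as an argument. The sketch below shows that pattern with the checks a reviewer would look for; every name in it is hypothetical, and it assumes the field definition comes from stored settings rather than from the request.

```php
<?php
// Added illustration; all names are hypothetical, not the plugin's own code.

// Server-side registry: the only callables that can ever be invoked.
function example_validation_registry(): array {
    return [
        'email' => [
            'callback' => function (string $label, string $value): ?string {
                return filter_var($value, FILTER_VALIDATE_EMAIL) !== false
                    ? null : "$label is not a valid e-mail address.";
            },
        ],
        'digits' => [
            'callback' => function (string $label, string $value): ?string {
                return ctype_digit($value) ? null : "$label must contain digits only.";
            },
        ],
    ];
}

// $field is assumed to come from stored settings; $submitted stands in for $_POST.
function example_validate_field(array $field, string $field_key, array $submitted): ?string {
    $registry = example_validation_registry();
    $rule     = $field['validation'] ?? '';

    // The callable is selected by key from the registry, never from request data.
    if (!is_string($rule) || !isset($registry[$rule]['callback'])
        || !is_callable($registry[$rule]['callback'])) {
        return 'Unknown validation rule.';
    }

    // Request data is only ever an argument, and must be a plain string.
    $raw = $submitted[$field_key] ?? '';
    if (!is_string($raw)) {
        return $field['label'] . ' has an invalid format.';
    }

    return call_user_func($registry[$rule]['callback'], $field['label'], $raw);
}

// Constructed sample input: a function name sent as a value is treated as data.
$field = ['label' => 'Billing e-mail', 'validation' => 'email'];
var_dump(example_validate_field($field, 'billing_email', ['billing_email' => 'rob@example.com']));
var_dump(example_validate_field($field, 'billing_email', ['billing_email' => 'system']));
var_dump(example_validate_field(['label' => 'X', 'validation' => 'phpinfo'], 'x', ['x' => '1']));
```

A scanner that matches on `call_user_func` next to `$_POST` cannot tell this case from one where the request supplies the function name, which is why a flag like this needs a manual check of where the first argument comes from.
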

    Thread Starter hsrob

    (@hsrob)

    Fantastic, thanks for your response that’s great.

    Rob

    Hi,

    The changes were introduced in the latest version of the plugin. Please update.

    Best regards

  • The topic ‘Plugin flagged as using using unsanitize user inputs’ is closed to new replies.