Possible XSS Issue?
return $_REQUEST[$param];
This seems dangerous to me — I was able to get HTML to output by hacking the query string:
?FirstName=<b>Bold</b>
<script> and <iframe> tags broke due to some funky quoting, but I didn’t mess around long.
Seems like at a minimum you should sanitize with the same sanitization the post went through? i.e. wp_kses_post?
return wp_kses_post( $_REQUEST[$param] );
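An added example, not the plugin's or the poster's code, showing what the raw `return $_REQUEST[$param]` pattern does once the value reaches the page, beside two escaped versions. It runs from the PHP CLI without WordPress loaded: the `$request` array, the helper names and the sample values are constructed here, and `htmlspecialchars()` plus a small encode-then-allowlist step stand in for WordPress's `esc_html()` and `wp_kses_post()`.

```php
<?php
// Added example, not the plugin's code. $request stands in for $_REQUEST so
// the script runs offline; the sample values are constructed.

// Vulnerable: the request parameter is returned untouched, so any markup a
// visitor puts in the query string is rendered when the caller echoes it.
function get_field_raw(array $request, string $param): string
{
    return $request[$param] ?? '';
}

// Hardened for a plain-text field: encode for an HTML text context.
// In WordPress esc_html() does this; htmlspecialchars() stands in here.
function get_field_escaped(array $request, string $param): string
{
    return htmlspecialchars($request[$param] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened for a field that may legitimately carry light formatting:
// encode everything, then re-enable only bare allowlisted tags (no attributes).
// wp_kses_post() is the WordPress tool for this; this stand-in is stricter,
// since a tag with any attribute stays encoded.
function get_field_limited_markup(array $request, string $param): string
{
    $allowed = ['b', 'i', 'em', 'strong'];
    $encoded = htmlspecialchars($request[$param] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');

    return preg_replace_callback(
        '#&lt;(/?)(' . implode('|', $allowed) . ')&gt;#i',
        fn(array $m) => '<' . $m[1] . strtolower($m[2]) . '>',
        $encoded
    );
}

// Constructed sample request: the poster's query-string value plus a script tag.
$request = [
    'FirstName' => '<b>Bold</b>',
    'LastName'  => '<script>alert(1)</script>',
];

foreach (['FirstName', 'LastName'] as $param) {
    echo "raw:     ", get_field_raw($request, $param), "\n";
    echo "escaped: ", get_field_escaped($request, $param), "\n";
    echo "limited: ", get_field_limited_markup($request, $param), "\n\n";
}
```

Running it prints `<b>Bold</b>` and `<script>alert(1)</script>` unchanged from `get_field_raw()`, the entity-encoded forms from `get_field_escaped()`, and from `get_field_limited_markup()` the bold tag restored but the script tag still encoded. Which of the two escaped helpers fits depends on the output context: a name field that is never meant to contain markup should use `esc_html()`, and `wp_kses_post()` only makes sense where the field is really expected to carry post-style HTML.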
Viewing 2 replies - 1 through 2 (of 2 total)
- The topic ‘Possible XSS Issue?’ is closed to new replies.