URL parameters should be sanitized as keys

  • Resolved danielgm

    (@danielgm)


    6 years, 7 months ago

    /public/class-wp-temporary-login-without-password-public.php

    $wtlwp_token = $_GET['wtlwp_token'];

    should be

    $wtlwp_token = sanitize_key( $_GET['wtlwp_token'] );

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘URL parameters should be sanitized as keys’ is closed to new replies.