Closed mrhead closed 1 year ago
https://3.basecamp.com/3293071/buckets/9856127/todos/5621901887
ccca242 Validate $_POST['memberful_product_acl'] and $_POST['memberful_subscription_acl'] in src/metabox.php
396f9e6 Sanitize $_POST['memberful_marketing_content'] in src/metabox.php
c676e62 Sanitize and validate POST inputs in memberful_wp_bulk_protect()
6a4b21b Sanitize and validate POST inputs in memberful_wp_protect_bbpress()
65fe53f Validate POST inputs in memberful_wp_private_rss_feed_settings()
1d71c95 Sanitize values from $_GET['category']
c5d6b58 Sanitize redirect URLs with wp_sanitize_redirect()
d0a52d7 Sanitize $_GET['member-feed']
This seems unnecessary because we pass it to WP_Query which should sanitize it.
However, I'm afraid that we need to do this anyway to make sure we pass the security audit.
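Added example (not code from this PR or the memberful-wp plugin) showing the defense-in-depth pattern the commits describe: sanitize and validate request values at the handler boundary even when a downstream API such as WP_Query or wp_safe_redirect() would also clean them. It assumes the ACL fields carry lists of numeric IDs and that member-feed is a slug-like token; both shapes are assumptions, and the function names are hypothetical.

```php
<?php
// Example only; assumes the WordPress helpers absint(), wp_unslash(),
// sanitize_key() and wp_sanitize_redirect() are loaded.

// Assumption: memberful_product_acl / memberful_subscription_acl are
// submitted as arrays of numeric IDs. Anything else collapses to an
// empty list rather than reaching the database.
function example_sanitize_id_list( $raw ) {
    if ( ! is_array( $raw ) ) {
        return array();
    }
    $ids = array_map( 'absint', wp_unslash( $raw ) ); // non-numeric -> 0
    $ids = array_filter( $ids );                       // drop the 0s
    return array_values( array_unique( $ids ) );
}

// Assumption: member-feed is a slug. sanitize_key() leaves only
// [a-z0-9_-], so the value is safe as a WP_Query argument regardless
// of what WP_Query does internally.
function example_sanitize_member_feed( $raw ) {
    $slug = sanitize_key( wp_unslash( (string) $raw ) );
    return '' === $slug ? null : $slug;
}

// Redirect targets: strip control characters and unsafe schemes
// before the value is ever compared against the allowed hosts.
function example_sanitize_redirect_target( $raw ) {
    return wp_sanitize_redirect( wp_unslash( (string) $raw ) );
}

// Usage in a POST/GET handler (constructed input for illustration):
// $product_acl = example_sanitize_id_list( $_POST['memberful_product_acl'] ?? array() );
// $feed        = example_sanitize_member_feed( $_GET['member-feed'] ?? '' );
// $target      = example_sanitize_redirect_target( $_GET['redirect_to'] ?? '' );
// wp_safe_redirect( $target ) is still the final check on the redirect host.
```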