sitecrafting / conifer

:evergreen_tree: A powerful WordPress library plugin for OO development
https://www.coniferplug.in
MIT License

Safe Redirects #139

Open acobster opened 3 years ago

acobster commented 3 years ago

Per lando sniff:

FILE: /app/lib/Conifer/Site.php
----------------------------------------------------------------------
FOUND 0 ERRORS AND 1 WARNING AFFECTING 1 LINE
----------------------------------------------------------------------
 737 | WARNING | wp_redirect() found. Using wp_safe_redirect(), along
     |         | with the allowed_redirect_hosts filter if needed,
     |         | can help avoid any chances of malicious redirects
     |         | within code. It is also important to remember to
     |         | call exit() after a redirect so that no other
     |         | unwanted code is executed.
     |         | (WordPress.Security.SafeRedirect.wp_redirect_wp_redirect)
----------------------------------------------------------------------

This is relatively low-risk because it would require us to be running malicious code on the server already that uses the admin_url to make a malicious redirect. No sites are currently affected.
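
Added example, not part of the issue and not Conifer's code: the pattern the sniff warns about next to the form it recommends (`wp_safe_redirect()`, the `allowed_redirect_hosts` filter, and `exit`). It assumes the file is loaded inside WordPress; the `example_` function names and the host `sso.example.com` are hypothetical.

```php
<?php
// Added example (not Conifer code). Assumes WordPress is loaded, so
// add_filter(), admin_url(), wp_validate_redirect() etc. are defined.

// Before: wp_redirect() sends any Location it is handed, and without
// exit the rest of the request keeps running after the header is set.
function example_redirect_unsafe( string $target ): void {
    wp_redirect( $target );
}

// Off-site hosts must be allowed explicitly. The site's own host is
// always accepted, so this filter is only needed for extra hosts.
add_filter( 'allowed_redirect_hosts', function ( array $hosts ): array {
    $hosts[] = 'sso.example.com'; // hypothetical trusted host
    return $hosts;
} );

// After: validate the target, log rejections, redirect, then stop.
function example_redirect_safe( string $target ): void {
    // Returns the sanitized target when its host is allowed, otherwise
    // the fallback passed as the second argument (here an empty string).
    $checked = wp_validate_redirect( $target, '' );

    if ( '' === $checked ) {
        // Log only the rejected host so the log line stays short.
        $host = (string) wp_parse_url( $target, PHP_URL_HOST );
        error_log( 'Rejected redirect to host: ' . $host );
        $checked = admin_url();
    }

    // wp_safe_redirect() repeats the host check itself and returns
    // false if no redirect header could be sent.
    if ( wp_safe_redirect( $checked ) ) {
        exit; // nothing after the redirect should execute
    }
}
```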