Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Flag any non-validated/sanitized super global input vars #101

Merged
merged 5 commits into from
Oct 23, 2013
Merged

Flag any non-validated/sanitized super global input vars #101

merged 5 commits into from
Oct 23, 2013

Conversation

shadyvb
Copy link
Contributor

@shadyvb shadyvb commented Oct 20, 2013

Fixes #72

@shadyvb
Flag any non-validated/sanitized super global input vars.
9dc81b5 
Closes #72
Switch list of sanitizing/autoescaping function to a static var to be used by other classes
@ghost ghost assigned westonruter Oct 20, 2013
westonruter
westonruter reviewed Oct 22, 2013
View reviewed changes
Sniffs/XSS/EscapeOutputSniff.php
return;
}

if (in_array($functionName, $this->sanitizingFunctions) === false) {
if (in_array($functionName, self::$sanitizingFunctions) === false) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shadyvb just curious: why the switch from instance to static?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So i can use the list of functions in other classes, https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/pull/101/files#diff-6693bc98032bf5043abf5d11967faf4aR104

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Instead of replicating the exact same list again.

westonruter
westonruter reviewed Oct 22, 2013
View reviewed changes
Tests/VIP/ValidatedSanitizedInputUnitTest.inc
empty( $_REQUEST['foo'] )
||
empty( $_POST['foo'] )
);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shadyvb I added this use of empty() which should be fine just like isset() but it is not.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My bad, fix is on the way!

@westonruter
Copy link
Member

@shadyvb could you please merge develop into this branch and resolve the merge conflicts?

@ghost ghost assigned shadyvb Oct 22, 2013
@shadyvb
Merge branch 'develop' of github.com:WordPress-Coding-Standards/WordP…
39f7d3c 
…ress-Coding-Standards into issue/72

Conflicts:
	Sniffs/XSS/EscapeOutputSniff.php
@shadyvb
Fix indentation, convert to tabs.
4580085
westonruter added a commit that referenced this pull request Oct 23, 2013
@westonruter
Merge pull request #101 from WordPress-Coding-Standards/issue/72
6a83301 
Flag any non-validated/sanitized super global input vars
@westonruter westonruter merged commit 6a83301 into develop Oct 23, 2013
@GaryJones GaryJones added this to the 0.3.0 milestone Aug 22, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.3.0
Development

Successfully merging this pull request may close these issues.

Flag any non-validated/sanitized $_GET, $_POST, $_REQUEST, $_SERVER
3 participants
@shadyvb @westonruter @GaryJones