$_REQUEST not sanitised?

  • Resolved qross

    (@qross)


    7 years, 5 months ago

    Hi, it’s just great plugin.
    But I wonder why my posts were not modified though I use “sanitise REQUEST variable” option.

    I can see some escaped characters if I enable “sanitise POST variable” and disable whitelist myself.

    the documentation says

    Do not enable this option, for the same reason as with “Sanitise POST variable”.

    as description about “Sanitise REQUEST variable”.

    What am I missing?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nintechnet

    (@nintechnet)

    7 years, 5 months ago

    Hi

    The reason is because when you submit your post, WordPress will override REQUEST (which was sanitised by the firewall) with the content of the POST global variable. That’s the way WordPress works and one of the reasons why we don’t recommend to use this policy with WordPress.

    Thread Starter qross

    (@qross)

    7 years, 5 months ago

    ok, I totally understood.
    thanks a lot.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘$_REQUEST not sanitised?’ is closed to new replies.