Better validate user input
-
Hello!
Reviewing logs, I’ve found fatal errors related to this plugin:
PHP Fatal error: Uncaught ValueError: setcookie(): Argument #1 ($name) cannot contain "=", ",", ";", " ", "t", "r", "n", "13", or "14" in .../wp-content/plugins/posts-like-dislike/inc/classes/pld-ajax.php(103): setcookie('pld_1 PROCEDURE...', 'like', 1799985351, '/')
#1 .../wp-includes/class-wp-hook.php(341): PLD_Ajax->like_dislike_action('')
#2 .../wp-includes/class-wp-hook.php(365): WP_Hook->apply_filters('', Array)
#3 .../wp-includes/plugin.php(522): WP_Hook->do_action(Array)
#4 .../wp-admin/admin-ajax.php(207): do_action('wp_ajax_nopriv_...')
#5 {main}
thrown in .../wp-content/plugins/posts-like-dislike/inc/classes/pld-ajax.php on line 103
Some scanner bot tries to pass code instead of the post_id integer to the PLD AJAX request. The code contains a space character, and it causes the setcookie error.
To fix this, you could explicitly cast the user input $_POST['post_id'] to an integer to ensure it is always the post ID number, and afterwards check for a non-empty value.
Regards!
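An added example, not the plugin's code and not part of the post above: a strict parse of the post ID next to a plain (int) cast, run over constructed inputs. It shows that the cast keeps the cookie name safe but turns a value like the truncated one in the log into post 1, while strict validation rejects it before any cookie is set. The function names are hypothetical, and PHP 8 is assumed, as the ValueError in the log implies.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the plugin): returns a positive integer
// post ID, or null when the input is not a plain decimal integer.
function example_parse_post_id(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null; // arrays (post_id[]=1) and other types are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Hypothetical handler core: decides the response without touching headers,
// so the decision can be checked before setcookie() is ever called.
function example_handle_like(array $post): array
{
    $id = example_parse_post_id($post['post_id'] ?? null);
    if ($id === null) {
        return ['status' => 400, 'cookie' => null]; // reject, set no cookie
    }
    // The cookie name is built from the validated integer, never from the
    // raw string, so it cannot contain spaces, "=", ";" or control bytes.
    return ['status' => 200, 'cookie' => 'pld_' . $id];
}

// Constructed inputs; the second repeats the truncated value seen in the log.
$samples = ['42', '1 PROCEDURE...', '', '0', '-5', '7abc', ['1']];

foreach ($samples as $raw) {
    $result = example_handle_like(['post_id' => $raw]);
    printf(
        "%-20s cast=%-3d status=%d cookie=%s\n",
        json_encode($raw),
        (int) $raw,                       // what a bare cast would produce
        $result['status'],
        var_export($result['cookie'], true)
    );
}
```

In the real handler, the 400 branch would end the request before the setcookie() call on line 103 is reached; a check that the ID refers to an existing post would follow the parse.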