• Resolved nlpro

    (@nlpro)


    Hi @shanedelierrr,

    Would it be possible to rectify the following issue in the iThemes blog post Security Release: Update iThemes Security Free and Pro (I quote):

    … due to improper sanitization of $_SERVER data.

    That is incorrect. It should read something like:

    … due to lack of validation on the $location parameter value when using the wp_redirect() function.

    wp_redirect() does perform sanitization on the $location parameter value.

    wp_safe_redirect(), however, performs both sanitization and validation on the $location parameter value.

    So the vulnerability was fixed by simply replacing the call to wp_redirect() with a call to wp_safe_redirect() in the code of the Enforce SSL feature/module.

    A good blog post on security deserves 100% correctness ;-)

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @nlpro, thank you for letting us know! I have forwarded this to our team and will get back to you once the article is updated.

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi @nlpro, I’m happy to inform you that the article has been updated to reflect the correct information. Once again, we appreciate you for letting us know and for your support.

  • The topic ‘correction on iThemes blog post’ is closed to new replies.
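
The distinction drawn in the thread above, as an added example that is not part of the original posts and is not the iThemes Security code: a force-HTTPS redirect built from request data, first with wp_redirect() (sanitization only), then with wp_safe_redirect() (sanitization plus host validation). All example_* function names, the choice of $_SERVER keys and the hostname www.example.test are assumptions made for illustration; the code is meant to run inside WordPress, for instance as a must-use plugin file.

```php
<?php
// Added illustration; every example_* name is hypothetical.

// Build the HTTPS target from request data. Both $_SERVER values come from
// the client (assumed inputs for this sketch), so the result is untrusted.
function example_https_target() {
	$host = isset( $_SERVER['HTTP_HOST'] ) ? wp_unslash( $_SERVER['HTTP_HOST'] ) : '';
	$uri  = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '/';
	return 'https://' . $host . $uri;
}

// Before: wp_redirect() sanitizes $location (strips characters that are not
// valid in a URL) but never checks which host the URL points to.
// Shown for comparison only; it is not hooked anywhere.
function example_enforce_ssl_unvalidated() {
	if ( ! is_ssl() ) {
		wp_redirect( example_https_target(), 301 );
		exit;
	}
}

// After: wp_safe_redirect() sanitizes, then validates the host against the
// allowed list (by default only the host of home_url()). A target that fails
// validation is replaced by the fallback URL instead of being followed.
function example_enforce_ssl_validated() {
	if ( ! is_ssl() ) {
		wp_safe_redirect( example_https_target(), 301 );
		exit;
	}
}
add_action( 'template_redirect', 'example_enforce_ssl_validated' );

// Hosts the site legitimately answers on must be listed explicitly,
// otherwise requests for them are sent to the fallback.
add_filter( 'allowed_redirect_hosts', function ( $hosts ) {
	$hosts[] = 'www.example.test'; // constructed hostname
	return $hosts;
} );

// The default fallback is admin_url(); send rejected targets to the
// front page over HTTPS instead.
add_filter( 'wp_safe_redirect_fallback', function ( $url ) {
	return home_url( '/', 'https' );
} );
```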