rest_is_ip_address() not a sanitizer?

  • Resolved Jacob N. Breetvelt

    (@opajaap)


    3 months ago

    rest_is_ip_address() seems not to be recognized as sanitizer:

    This code:

    // Generate a unique session id
function wppa_get_session_id() {
global $wppa_version;
static $session_id;

	// Found already?
	if ( $session_id ) {
		return $session_id;
	}

	// Look for a cookie
	if ( isset( $_COOKIE['wppa_session_id'] ) ) {
(30)		$t = rest_is_ip_address( wp_unslash( $_COOKIE['wppa_session_id'] ) );
		if ( $t ) {
			$session_id = $t;
			return $session_id;
		}
	}

    generates this error:

    30 40 ERROR WordPress.Security.ValidatedSanitizedInput.InputNotSanitized Detected usage of a non-sanitized input variable: $_COOKIE[‘wppa_session_id’]

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.