-
-
Notifications
You must be signed in to change notification settings - Fork 470
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WordPress.Security.NonceVerification.Missing not reported when using filter_input #2299
Comments
Just saw that this was requested by @GaryJones when this rule was added initially: #325 (comment) While back then someone said that |
Same issue also for |
@johnstonphilip Please don't spam issues with "+1"'s which don't contribute anything useful to the discussion. You can use the emoji response on the first post for that. |
I didn't intend to spam. My apologies. I'm just wanting to note that this is a very important issue to me. Thanks, and my apologies again! |
Bug Description
When using filter_input with INPUT_GET or INPUT_POST or INPUT_COOKIE, it's like accessing the $_GET/$_POST superglobals.
Therefore a nonce validation is required.
Minimal Code Snippet
The issue happens when running this command:
... over a file containing this code:
Error Code
WordPress.Security.NonceVerification.Missing
Environment
Tested Against
develop
branch?develop
branch of WPCS.The text was updated successfully, but these errors were encountered: