Ensure request parameters are unslashed

rmccue · rmccue · commit 24dce8cdfc60 · 2014-04-13T19:41:30.000+10:00
diff --git a/lib/class-wp-json-authentication-oauth1-authorize.php b/lib/class-wp-json-authentication-oauth1-authorize.php
@@ -57,10 +57,10 @@ public function render_page() {
 		}
 
 		// Set up fields
-		$token_key = $_REQUEST['oauth_token'];
+		$token_key = wp_unslash( $_REQUEST['oauth_token'] );
 		$scope = '*';
 		if ( ! empty( $_REQUEST['wp_scope'] ) ) {
-			$scope = $_REQUEST['wp_scope'];
+			$scope = wp_unslash( $_REQUEST['wp_scope'] );
 		}
 
 		$authenticator = new WP_JSON_Authentication_OAuth1();

Original file line number	Diff line number	Diff line change
`@@ -57,10 +57,10 @@ public function render_page() {`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`// Set up fields`
`60`		`- $token_key = $_REQUEST['oauth_token'];`
	`60`	`+ $token_key = wp_unslash( $_REQUEST['oauth_token'] );`
`61`	`61`	`$scope = '*';`
`62`	`62`	`if ( ! empty( $_REQUEST['wp_scope'] ) ) {`
`63`		`- $scope = $_REQUEST['wp_scope'];`
	`63`	`+ $scope = wp_unslash( $_REQUEST['wp_scope'] );`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`$authenticator = new WP_JSON_Authentication_OAuth1();`