Use FILTER_SANITIZE_EMAIL filter to sanitize email input (#8957)
hsingyuc committed Jun 14, 2024
1 parent 13ea0cf commit 0948bf9
Showing 2 changed files with 5 additions and 3 deletions.
@@ -0,0 +1,4 @@
Significance: patch
Type: update

Use FILTER_SANITIZE_EMAIL to sanitize email input
Expand Up @@ -202,9 +202,7 @@ function ( $js_config ) use ( $order ) {
$session_email = is_array( $customer ) && isset( $customer['email'] ) ? $customer['email'] : '';
}

// Silence the filter_input warning because we are sanitizing the input with sanitize_email().
// nosemgrep: audit.php.lang.misc.filter-input-no-filter.
$user_email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( filter_input( INPUT_POST, 'email' ) ) ) : $session_email;
$user_email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( filter_input( INPUT_POST, 'email', FILTER_SANITIZE_EMAIL ) ) ) : $session_email;

$js_config['order_id'] = $order->get_id();
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated
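Review bot: The ternary on the changed `$user_email` line decides on `isset( $_POST['email'] )` but takes its value from `filter_input( INPUT_POST, 'email', FILTER_SANITIZE_EMAIL )`, which returns false when the filter fails (for example when `email` is submitted as an array) and null when the variable is absent from the request input. In those cases `sanitize_email()` receives a non-string and `$session_email` is never used as the fallback. Consider reading the filtered value into a variable first and falling back to `$session_email` unless it is a non-empty string. Also note that FILTER_SANITIZE_EMAIL only strips disallowed characters and does not validate the address, so `sanitize_email()` should stay as the WordPress-side check; because the filter already drops backslashes, `wp_unslash()` has nothing left to do on this line and could be removed in a follow-up.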