WordPress.org

Plugin Directory

Changeset 730759


Timestamp:
06/24/13 09:43:45 (10 months ago)
Author:
donncha
Message:

Sanitize the cookie key name before setting it. Props Matt Cutts and @planetzuda on Twitter.

File:
1 edited

  • cookies-for-comments/trunk/css.php

    r307703 r730759  
    11<?php 
    2 if ( !isset( $_COOKIE[ $_GET[ 'k' ] ] ) || ( isset( $_COOKIE[ $_GET[ 'k' ] ] ) && $_COOKIE[ $_GET[ 'k' ] ] == 1 ) ) 
    3     @setcookie( $_GET[ 'k' ], time(), time()+604800, '/' ); 
     2if ( isset( $_GET[ 'k' ] ) ) { 
     3    $k = preg_replace( "/[^[:alnum:]]/i", "", $_GET[ 'k' ] ); 
     4    if ( !isset( $_COOKIE[ $k ] ) || ( isset( $_COOKIE[ $k ] ) && $_COOKIE[ $k ] == 1 ) ) 
     5        @setcookie( $k, time(), time()+604800, '/' ); 
     6} 
     7 
    48if ( isset( $_GET[ 'o' ] ) ) { 
    59    header("Content-type: image/gif"); 
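Review bot: On new line 3, `$_GET[ 'k' ]` goes into `preg_replace()` without a check that it is a string, so a request with `k[]=x` makes `$k` an array, which is an invalid offset for the `$_COOKIE[ $k ]` lookup on line 4 and an invalid name for `setcookie()` on line 5. The result can also be the empty string when `k` contains no alphanumeric characters, and the `@` on `setcookie()` hides that failure. Suggest guarding with `is_string( $_GET[ 'k' ] )`, skipping the block when `$k === ''`, and capping the length of `$k`, since the pattern restricts the character set but not the size. Minor: the `/i` modifier is redundant with `[:alnum:]`, and the condition on line 4 reduces to `!isset( $_COOKIE[ $k ] ) || $_COOKIE[ $k ] == 1`.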