Skip to content

Commit

Permalink
Use FILTER_SANITIZE_EMAIL filter to sanitize email input (#8957)
Browse files Browse the repository at this point in the history
  • Loading branch information
hsingyuc authored Jun 14, 2024
1 parent 13ea0cf commit 0948bf9
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 3 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
Significance: patch
Type: update

Use FILTER_SANITIZE_EMAIL to sanitize email input
Original file line number Diff line number Diff line change
Expand Up @@ -202,9 +202,7 @@ function ( $js_config ) use ( $order ) {
$session_email = is_array( $customer ) && isset( $customer['email'] ) ? $customer['email'] : '';
}

// Silence the filter_input warning because we are sanitizing the input with sanitize_email().
// nosemgrep: audit.php.lang.misc.filter-input-no-filter.
$user_email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( filter_input( INPUT_POST, 'email' ) ) ) : $session_email;
$user_email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( filter_input( INPUT_POST, 'email', FILTER_SANITIZE_EMAIL ) ) ) : $session_email;

$js_config['order_id'] = $order->get_id();
// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotValidated
Expand Down

0 comments on commit 0948bf9

Please sign in to comment.