Add WordPress.Security.SafeRedirect XML documentation #1742
<documentation title="Safe Redirect"> | ||
<standard> | ||
<![CDATA[ | ||
Safe redirects must be used. |
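Review bot: The standard text at "Safe redirects must be used." gives the rule without the reason, so a developer who hits this sniff cannot tell what makes a redirect safe. Suggest stating that wp_safe_redirect() only redirects to the site's own host or to hosts permitted through the allowed_redirect_hosts filter and otherwise uses a fallback location, whereas wp_redirect() sends the browser to whatever $location contains, which becomes an open redirect when that value can be influenced by a request.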
I'd like to see this expanded - why must safe redirects be used? What is a safe redirect? Why does a non-safe redirect even exist? Where can I find out more about this concept? etc.
Hi @marconmartins, thank you again for this PR. Mostly looking great.
I do concur with @GaryJones that it would be great if the generic rule explanation could be expanded a bit.
The following articles may help to get some inspiration:
- https://www.pluginvulnerabilities.com/2018/11/26/security-tip-for-wordpress-plugin-developers-use-wp_safe_redirect-instead-of-wp_redirect/
- https://wp-kama.com/function/wp_safe_redirect
Other than that, the docs are just missing the <em> ...</em> tags to highlight good/bad code, but we weren't that clear about that in the initial explanation, so sorry about that!
I look forward to the next iteration!
<code_comparison> | ||
<code title="Valid: Safe redirect."> | ||
<![CDATA[ | ||
wp_safe_redirect( $location ); |
wp_safe_redirect( $location ); | |
<em>wp_safe_redirect</em>( $location ); |
</code> | ||
<code title="Invalid: Unsafe redirect."> | ||
<![CDATA[ | ||
wp_redirect( $location ); |
wp_redirect( $location ); | |
<em>wp_redirect</em>( $location ); |
@marconmartins Just wondering if you'll have a chance to finish this off in the near future. If you haven't got time or lost interest, please let us know and we'll see if we can find someone to take over.
Closing as fixed via #1826 which was merged quite a while ago.
No description provided.