| changeset 21 | 48c4eec2b7e6 |
| parent 19 | 3d72ae0968f4 |
| child 22 | 8c2e4d02f4ef |
--- a/wp/wp-admin/admin-post.php Thu Sep 29 08:06:27 2022 +0200 +++ b/wp/wp-admin/admin-post.php Fri Sep 05 18:40:08 2025 +0200 @@ -29,7 +29,7 @@ /** This action is documented in wp-admin/admin.php */ do_action( 'admin_init' ); -$action = ! empty( $_REQUEST['action'] ) ? $_REQUEST['action'] : ''; +$action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : ''; // Reject invalid parameters. if ( ! is_scalar( $action ) ) {