السلام عليكم
بعد إضافة بلاجن ووردبرس ل wordpress .org repo البلاجن لم يقبل و يجب تصحيح بعض أخطاء الكود المتعلقة بال security و تمت المراسلة بالرسالة هذه
## Data Must be Sanitized, Escaped, and Validated
When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.
SANITIZE: Data that is input (either by a user or automatically) must be sanitized as soon as possible. This lessens the possibility of XSS vulnerabilities and MITM attacks where posted data is subverted.
VALIDATE: All data should be validated, no matter what. Even when you sanitize, remember that you don’t want someone putting in ‘dog’ when the only valid values are numbers.
ESCAPE: Data that is output must be escaped properly when it is echo'd, so it can't hijack admin screens. There are many esc_*() functions you can use to make sure you don't show people the wrong data.
To help you with this, WordPress comes with a number of sanitization and escaping functions. You can read about those here:
## Variables and options must be escaped when echo'd
Much related to sanitizing everything, all variables that are echoed need to be escaped, so it can't hijack admin screens. There are many esc_*() functions you can use to make sure you don't show people the wrong data.
This is true for all $-variables, as it's possible that an XSS vulnerability in another plugin, or a MITM (Man in the Middle) attack, could subvert your data. It's doubly important when you're echoing content on the back-end of WordPress, as those are regularly targeted for exploits. By escaping, you ensure that you have future-proofed your plugin and protected your users.
This remains true of options you've saved to the database. Even if you've properly sanitized when you saved, the tools for sanitizing and escaping aren't interchangeable (except for esc_url(), and yes, we know that's confusing). Sanitizing makes sure it's safe for processing and storing in the database. Escaping makes it safe to output.
Also keep in mind that sometimes a function is echoing when it should really be returning content instead. This is a common mistake when it comes to returning JSON encoded content. Very rarely is that actually something you should be echoing at all. Echoing is because it needs to be on the screen, read by a human. Returning (which is what you would do with an API) can be json encoded, though remember to sanitize when you save to that json object!
There are a number of options to secure all types of content (html, email, etc). Yes, even HTML needs to be properly escaped.
الملفات المفروض العمل عليها 4
أرجو من المستقل أن يكون على دراية بالموضوع و أن يصحح الكود بمتابعة التوضيحات فالرسالة .
| تاريخ التسجيل | |
| معدل التوظيف | |
| المشاريع المفتوحة | 0 |
| مشاريع قيد التنفيذ | 0 |
| التواصلات الجارية | 0 |
مرحبا انا بدر مهندس برمجيات من المغرب لدي خبرة عملية لمدة 7 سنين قد اطلعت على تفاصيل المشروع الذي ترغب بالقيام به، وانا مستعد للعمل معا على تصحيح الإضافة في أقر...
إسمي مصطفى مصمم و مطور تطبيقات الويب، لقد قرأت الرسالة جيدا و تبين ان المشكل ات من حقول ادخال البيانات من المستخدمين، وهي حقول تحتاج الى ان تكون validate , Sani...
السلام عليكم..كيف حالك أستاذ رحيم لقد قرأت رسالة الخطأ بالكامل وحللت المشكلة المشكلة في إضافة بوست جديد , لا أعلم ماهي البلاغن التي تستخدمها لكن بالتأكيد قديمة ...
السلام عليكم لقد اطلعت على مشروعك و أنا قادر ان شاء الله على انجاز المطلوب المرجو التواصل معي و شكرا