Hey guys, long time no forums, I’ve been buried in a full-time job doing nothing but WordPress for the last eight months and WOW am I glad to be done with that…
Anyhoo, because I’ve been so buried in WordPress for so long, I need somebody to verify the safety of some string sanitization, because the equivalent code would NOT be safe at all on a WordPress site:
if ($filename = get('filename')) {
    // Look up the requested file in this page's file collection
    $img = $page->files()->get($filename);
    // ...
}
After the above code, can I reasonably assume that $img will either be false or the appropriate $file object? Are code injections or any other exploits a concern at all?
Thanks!