Using a variable from GET headers, is this code safe?

Hey guys, long time no forums, I’ve been buried in a full-time job doing nothing but WordPress for the last eight months and WOW am I glad to be done with that…

Anyhoo, because I’ve been so buried in WordPress for so long, I need somebody to verify the safety of some string sanitization, because the equivalent code would NOT be safe at all on a WordPress site:

if ($filename = get('filename')) {
  $img = $page->files()->get($filename);
  // ...
}

After the above code, can I reasonably assume that $img will either be false or the appropriate $file object? Are code injections or any other exploits a concern at all?

Thanks!

Welcome back. :smiley:

That should be fine. The only thing this code does internally is to check if the key is set in an array of files, so unless there is a major PHP bug, there shouldn’t be any problem.
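An added illustration of the point in the answer above (not part of the original thread and not the CMS's own code): a hypothetical `FileCollection` class that uses the request value only as an array key, contrasted with building a filesystem path from the same value. The class name, directory layout and sample inputs are constructed for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a page's file collection (an assumption, not the
// CMS's class): the set of files is fixed when the collection is built.
final class FileCollection
{
    /** @var array<string, string> filename => absolute path */
    private array $files = [];

    public function __construct(string $dir)
    {
        foreach (scandir($dir) ?: [] as $name) {
            $path = $dir . DIRECTORY_SEPARATOR . $name;
            if (is_file($path)) {
                $this->files[$name] = $path;
            }
        }
    }

    // Request input is only ever an array key, never part of a path.
    public function get(string $key): ?string
    {
        return $this->files[$key] ?? null;
    }
}

// Constructed sample data: a page folder with one image and a file outside it.
$root = sys_get_temp_dir() . '/lookup-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/page', 0700, true);
file_put_contents($root . '/page/photo.jpg', 'image bytes');
file_put_contents($root . '/secret.txt', 'not part of the page');

$files = new FileCollection($root . '/page');

// Constructed request values, as they might arrive in ?filename=...
foreach (['photo.jpg', '../secret.txt', 'missing.png'] as $input) {
    $viaLookup = $files->get($input) !== null ? 'file' : 'null';
    // For contrast only: a path built from the input can leave the folder.
    $viaPath = is_file($root . '/page/' . $input) ? 'exists' : 'missing';
    printf("%-16s lookup=%-5s path-concat=%s\n", $input, $viaLookup, $viaPath);
}

// Remove the constructed sample files again.
unlink($root . '/page/photo.jpg');
unlink($root . '/secret.txt');
rmdir($root . '/page');
rmdir($root);
```

The key lookup can only return entries that were enumerated from the page folder, so a value containing `../` simply misses; the same value concatenated into a path would reach the file outside the folder.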