Privacy: More precise checking of user request action names.

Props garrett-eclipse. Fixes #46536. git-svn-id: https://develop.svn.wordpress.org/trunk@49475 602fd350-edb4-49c9-b593-d223f7449a82
2026-06-28 14:20:15 +00:00 · 2020-11-02 18:40:06 +00:00
parent 4985f741d3
commit 140b29db87
4 changed files with 40 additions and 6 deletions
--- a/src/wp-includes/user.php
+++ b/src/wp-includes/user.php
@@ -3773,7 +3773,7 @@ function wp_create_user_request( $email_address = '', $action_name = '', $reques
 		return new WP_Error( 'invalid_email', __( 'Invalid email address.' ) );
 	}

-	if ( ! $action_name ) {
+	if ( ! in_array( $action_name, _wp_privacy_action_request_types(), true ) ) {
 		return new WP_Error( 'invalid_action', __( 'Invalid action name.' ) );
 	}