Following the widespread vulnerability of WooCommerce Payments, I tried testing the vulnerable code against WPCS -- but WPCS reported nothing.
if ( ! isset( $_SERVER['HTTP_X_WCPAY_PLATFORM_CHECKOUT_USER'] ) || ! is_numeric( $_SERVER['HTTP_X_WCPAY_PLATFORM_CHECKOUT_USER'] ) ) {
return null;
}
return (int) $_SERVER['HTTP_X_WCPAY_PLATFORM_CHECKOUT_USER'];
Is your feature request related to a problem?
Following the widespread vulnerability of WooCommerce Payments, I tried testing the vulnerable code against WPCS -- but WPCS reported nothing.
Describe the solution you'd like
I suggest adding a similar check that exists for
$_POST:WordPress.Security.NonceVerification.Missing.Additional context (optional)