FILTER_SANITIZE_STRING deprecated | WordPress.org

Resolved swissspaceboy
(@swissspaceboy)

4 months, 1 week ago
The plugin uses FILTER_SANITIZE_STRING which was deprecated in PHP 8.1 and removed in PHP 8.2+.

File: modules/deepl-translate-post.php
Line: 79

Current code:
```
$nonce = filter_input( INPUT_GET, '_wpdeeplnonce', FILTER_SANITIZE_STRING );
```
Suggested fix:
```
$nonce = filter_input( INPUT_GET, '_wpdeeplnonce', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
```
Or alternatively:
```
$nonce = isset( $_GET['_wpdeeplnonce'] ) ? htmlspecialchars( $_GET['_wpdeeplnonce'], ENT_QUOTES, 'UTF-8' ) : '';
```
Impact: Sites running PHP 8.1+ will see deprecation warnings. Sites running PHP 8.2+ will experience errors.

Environment:
- WordPress: 6.9
- PHP: 8.3
- Plugin version: 2.5.2
Thank you!

Didier.

Viewing 3 replies - 1 through 3 (of 3 total)

Thread Starter swissspaceboy
(@swissspaceboy)

3 months, 1 week ago

Any reply on this?

Plugin Author malaiac
(@malaiac)

3 months, 1 week ago

Fixed in 2.5.4 now available

Thread Starter swissspaceboy
(@swissspaceboy)

3 months, 1 week ago

Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

3 replies
2 participants
Last reply from: swissspaceboy
Last activity: 3 months, 1 week ago
Status: resolved