Bug Description
The $_REQUEST['target'] parameter used in the image editing compatibility logic for WebP is not being sanitized. Since it is only used in string comparison, this is not actual a security flaw, but we should still sanitize it for good measure.
I would suggest we use sanitize_key() on those occurrences, since the parameter is essentially just used with lowercase "identifiers" to represent a certain target.
Bug Description
The
$_REQUEST['target']parameter used in the image editing compatibility logic for WebP is not being sanitized. Since it is only used in string comparison, this is not actual a security flaw, but we should still sanitize it for good measure.I would suggest we use
sanitize_key()on those occurrences, since the parameter is essentially just used with lowercase "identifiers" to represent a certain target.