Do We Need to Validate, Sanitize, or Filter Simple Numerical Superglobals (Cookies and Post)?

Without reading the question, just from the title, the answer is YES. Any input from the outside world should be validated and sanitized where appropriate, and this include inpude the server recieves the fact that it might have been generated in a form you designed is irrelevant. Input should never be trusted.

Now about internal consistency. After you already validate and sanitized the input fields you should check that the data makes sense in the context you expect to handle it. If you expect a post id of a post then you need to check not only that it actually exists but also that it is not a page. This is really just another aspect of validation… and the sooner you do it in your code path and more detailed your error message is the easier your life will be.

So how exactly to do it? There is no recipe, different contexts require different validation and sanitation. It is probably better to start as strict as you can and then relax checks only if you have too.

Related Posts:

  1. How to safely sanitize a textarea which takes full HTML input
  2. Keep one user logged for a year?
  3. Disable saving comment details (name, e-mail) in cookie?
  4. How to allow HTML tags into WP Bakery (formerly Visual Composer) `textfield` parameter
  5. How do I sanitize a javascript text?
  6. Security error WP 4.0 + WP phpBB Bridge [closed]
  7. Detecting $_GET parameters from any page + Cookie
  8. Set cookie then immediantly refresh the page
  9. Popup Cookie WordPress select language and section (Elementor)
  10. Sanitizing, Validating and Escaping in WordPress (Plugin)
  11. MITM risk of not sanitizing?
  12. Which escape function to use when escaping an email or plain text?
  13. Why is my staging subdomain not sending wordpress_logged_in cookies?
  14. How to delete Passwrd Protected posts cookies when a user logged out from the site
  15. CSS from textarea in options page to frontend what to do
  16. How to sanitize uploaded file filename from a plugin?
  17. How to save generated JWT token to cookies on login?
  18. WordPress Keeps Logging Out – What Tests Can I Run to Solve This?
  19. User Session and Stored Cookies not get removed
  20. Where does the cookie mo_page_views_counter come from?
  21. How to handle cookies from a WordPress plugin on a cached page?
  22. Login cookies set as wrong domain
  23. add_action in a custom plugin
  24. Sanitize $_GET variable when comparing
  25. Displaying content based on drop-down menu selection sitewide
  26. Blurry images when loading the page first time
  27. Cookies set by a plugin in wordpress for tracking
  28. Codeless random token generation to pass into multiple tracking links in a single page load
  29. Identify User Language, Redirect to the corresponding page and Save the chosen language as Cookie
  30. Cookie value changes back to previous value after changing
  31. Display value of the GET parameter in a new URL page
  32. Block Google tracking on refuse consent of the user with plugin
  33. WordPress Admin login redirect to homepage
  34. How can I store user preferences in WordPress and retreive them later?
  35. WordPress delete cookie
  36. Why does WordPress use cookies for /wp-admin and /wp-content/plugins for non-admin users [duplicate]
  37. Implementation to count page visits of unique visitors based on a cookie
  38. admin-ajax.php not working properly on subdomains
  39. Cookie set in a plugin visible in admin but not on front
  40. Can we validate data from jquery
  41. How can I save cookies to members
  42. Escaping and sanitization
  43. Save selectlist value (taxonomy) in wp:wp_set_object_terms
  44. set cookies for my whole site is not working
  45. Auto post with filling templates from external data and update periodical
  46. WordPress Plugin: Where should I put my cookies for cURL?
  47. Undefined constant error in pluggable.php
  48. How to resolve these findings from security audit
  49. ERROR: Cookies are blocked due to unexpected output – no access to FTP
  50. How to delete Password Protected posts cookies when a user logged out from the site
  51. How can I properly sanitize the update_option in WordPress?
  52. Stop the user if login from the cookies
  53. Best practice way to delete user meta data during plugin uninstall?
  54. Remove Google Fonts Which Are (Probably) Added By Plugins
  55. Tag selector like stackexchange?
  56. WordPress shortcodes & performance
  57. How does wordpress distinguish a plugin’s main php file from other php files? [duplicate]
  58. Plugin: How should I handle deleting comments?
  59. wordpress plugin that show my reputation (points) in any stackexchange project in my wordpress blogs
  60. Getting the Product object in a custom loop
  61. Why was my plugin rejected from the WordPress.org repository?
  62. Disallow authors to edit/delete their own or other published posts
  63. how to Include json manifest file in wp plugin
  64. How to get 1 or 2 specific posts on top of my wordpress blog?
  65. How to find a run away wordpress plugin causing performance problems
  66. Getting value from dymanic text variable into Contact Form 7
  67. className not populating in custom block
  68. How to export post 2 posts WordPress plugin data [closed]
  69. automatic plugin install availability: server configuration
  70. Display custom content using page.php from theme
  71. Use $_GET inside a shortcode print empty Array
  72. Conditional tag doesn’t work in WordPress plugin
  73. How to check if an email was sent from or originated from a specific plugin?
  74. Search Results Page filter by page title
  75. Activate and deactivate plugin automatically
  76. WooCommerce: after install hook
  77. Theme My Login Shortcode Doesn’t Return Anything
  78. wp_redirect not working on plugin
  79. Inserting Plugins Into Blank Space of Externally Designed WordPress Theme
  80. How to handle a WordPress blog with articles in different languages?
  81. Call javascript functions from each page
  82. how to render dashboard widgets conditionaly in wordpress admin
  83. Redirect plugin after form submit or show errors
  84. How to data add to table when update post wordpress? when we clicked!
  85. can’t unzip file
  86. Looking for WordPress PDF Converter with Custom Templates?
  87. ACF Fields are not showing up on Homepage
  88. WordPress not encoding “é”
  89. I enabled debugging but I still get the same message: There has been a critical error on your website
  90. Implementing Scrollable Images
  91. WordPress Categories as a Grid
  92. How to setup same post slug for different categories?
  93. Non english charcters support for WP Customer Reviews
  94. Activate plugins by a theme’s functions.php?
  95. Slider Plugins for header [closed]
  96. iframe not showing on frontend when using a CMB2 field
  97. Cannot edit Sidebar in any theme in wordpress
  98. how to update wordpress plugin programmatically using plugin path
  99. How to get all scripts and styles from the header. Including those added by plugins?
  100. How to add links to different language versions of WordPress