MITM risk of not sanitizing?

This is the official answer from the WordPress Plugin Review Team:

PHP runs processes one at a time.

If step 1 is “Validate” and step 2 is save, then between step 1 and 2
is where a MITM happens.

Now. You may be thinking “But come on, nothing could possibly happen
there! That’s too fast!” And the probability is you are 99% correct.
But. is that 1% worth the risk? No. Not when you can just wrap it and
sanitize it and save yourself from a hacker more clever than you or I.

Remember a lot of santization is ‘Are you SURE?’ and really we never
are.

This is fine:

function add_cookie_to_order( $order_id ) { if ( isset(
$_COOKIE[‘tm_clickid’] ) && preg_match(
‘/^[A-Z][A-Z][A-Z]?[0-9a-f]{32}$/’, $_COOKIE[‘tm_clickid’] ) ) {
$tm_clickid = sanitize_text_field( $_COOKIE[‘tm_clickid’] );
update_post_meta( $order_id, ‘tm_clickid’, $tm_clickid ); } }

So you have to do it that way and pass the variable through the wordpress sanitize function, to have the plugin approved.

Related Posts:

  1. How to safely sanitize a textarea which takes full HTML input
  2. Sanitizing, Validating and Escaping in WordPress (Plugin)
  3. Sanitize $_GET variable when comparing
  4. Can we validate data from jquery
  5. How can I properly sanitize the update_option in WordPress?
  6. Update plugin from personal API
  7. Loading external page template and enqueue script from plugin causes 403 forbidden error
  8. Symlinked plugin directory doesn’t appear in Admin
  9. Where the Nickname is being used in WordPress
  10. Is their any way to Extend WPDB class and Overwrite the Default Query Function
  11. How can I include a setting that has a variable number of values in a settings page using register_setting?
  12. Adding dynamic section to WordPress
  13. Custom data-id wp_enqueue_script
  14. Yoast SEO blocking/re-initialising longer running process
  15. Add Fields with Sub-Fields to WP Job Manager
  16. template_redirect not being called when using ajax
  17. How use %like% in sql statement wordpress
  18. Can I use a form in a dashboard widget?
  19. Is there a way to alter the order in which the plugins appear in the page?
  20. How to correctly detect accessing wp-content/uploads?
  21. How to create custom embed block in gutenberg wordpress
  22. How can sanitize $_FILES[‘haq_slider’] field
  23. How to trigger $_GET request within admin plugin page?
  24. Is Wrapping intval() Around esc_attr() Redundant for Escaping Input?
  25. React JSX in WordPress Plugin Development
  26. My plugin wants to update another plugin
  27. Plugin Options Not Saving to Database in WP 4.5
  28. How to save post change url youtube link?
  29. how to disable blockrenderAppender inside all Innerblocks?
  30. Redirection of users away from wp-admin (but not administrators)
  31. Change commission_status paid when withdraw_status vendor is completed
  32. Using SVN to upload plugin created with gutenberg blocks
  33. Force quit running background job
  34. WordPress Plugin [closed]
  35. Proper way to replace the_content only for pages created by custom plugin
  36. Check if plugin exists/active “class_exists()” does not work on plugin territory
  37. Certain functions are undefined when called form mu-plugins
  38. Why is the ‘Gutenberg’ Plugin generating an ‘Inconsistent File Permissions’ error when other Plugins, with the same permissions, do not?
  39. Can plugin2 uninstall plugin1 at the very beginning of plugin2’s installation?
  40. WordPress front end AJAX. Return 0 :?
  41. breadcrumb need to show all pages and subpages
  42. Widget’s container?
  43. I changed font of wordpress dashboard but it is slow!
  44. Get Every Key & Value from Array then Display All in New Line
  45. WordPress 5.4 – How to prevent to enter only certain values in custom field
  46. Plugin temporary files and files to download via FTP
  47. DB Query not working in Plugin
  48. Error with get_price (and others) in self-written plugin to show price
  49. Make plugin php file called directly aware of WordPress?
  50. sending different email notification while registration based on user role
  51. WordPress Widget Not Saving Instance
  52. Issue with wp_handle_upload
  53. Next Previous Post in wordpress with previous / next link with title?
  54. How to use existing hook in twentytwelve to all theme of wordpress?
  55. How to get a notification when the plugin is installed?
  56. Different registration form for different roles
  57. WordPress Post HTML after Posting
  58. How to append new form elements in “Add New” form of Users in WordPress admin panel?
  59. Settings options not showing up on Sub Menu page in WordPress plugin
  60. My plugin does not install correctly if a previous version is still installed
  61. unregister a sidebar widget
  62. Remove List Bullets
  63. Custom Meta box change size
  64. Could add_query_arg() redirect user to external site?
  65. How to solve conflict with scripts?
  66. How to set plugin auto-update Enabled by default?
  67. wp_insert_post not inserting post from XML
  68. The Build menu theme is frozen with the wordpress theme
  69. Access “wp site health info” data from plugin
  70. WordPress Frontend Page using Plugin
  71. How to translate to spanish wordpress hardcoded content/files?
  72. what functions to use to resize images and create DB metadata for them after/during upload?
  73. How to Create a Learning Management Plugin in WordPress to Manage Courses [LMS]
  74. How to prevent redoing get_posts queries and make results available to other scripts?
  75. Prefix WordPress Taxonomy Tags With Hashtag Symbol Like Twitter
  76. Change Woo Custom Endpoint Titles from a Plugin
  77. Overwriting Plugin’s Ajax callback function from theme
  78. How can I get the Post ID and Post Type within a Must Use Plugin?
  79. Get input form data posted by users
  80. Can’t find variable is_single in my jQuery plugin
  81. WordPress Cron function is not working
  82. wp_verify_nonce fails always
  83. Custom Plugin: Point to `template_directory`
  84. WP internationalization not loaded
  85. Plugin options not appearing on options page using tabbed navigation
  86. Adding custom cron_schedule prior to wp_schedule_event
  87. Create plugin with form in post and submit it to specific form
  88. Storing values in Post Meta vs new tables
  89. Get page type to display content
  90. Widget redirecting to home page
  91. Capturing POST data
  92. Is an Office a custom post type [closed]
  93. map urls to plugins
  94. How to add image for custom taxonomy
  95. I am using multi image metabox plugin but I did get how to display the images in templete?
  96. How to open author url linked to a new tab in settings page in the WordPress plugin list
  97. Why is my menu page not being displayed?
  98. How can I make my plugin detect if a certain theme is active?
  99. Plugin Block at the backend of every page or post
  100. How to provide page_template path in custom plugin using WordPress