Type Juggling

Introduction

This article covers ways to secure WordPress code against Type Juggling vulnerabilities.

How to secure

Always use strict comparison (=== / !==) instead of loose comparison (== / !=) to prevent type juggling. With loose comparison PHP converts the operands before comparing them, so an attacker-controlled JSON value of a different type (for example true) can compare equal to a secret string. The example below shows how using !== fixes the issue.

add_action("wp_ajax_nopriv_get_config", "get_config");
function get_config() {
    $secret_key = get_option('my_secret_key'); // my_secret_key = test1235
    // Decode the caller-supplied JSON; guard against a missing parameter.
    $data = json_decode(stripslashes($_GET['data'] ?? ''), true);
    // Strict comparison (!== instead of !=) checks type as well as value,
    // so only a string identical to the stored secret is accepted.
    if (!is_array($data) || !isset($data['key']) || $data['key'] !== $secret_key) {
        exit;
    }
    echo "Sensitive information for admin only!";
}
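To see why the strict operator matters, the following added example (not code from the original article) runs a loose and a strict key check over constructed JSON payloads of different types; the secret value and the helper function names are assumptions. Only the payload whose key is a string identical to the secret passes the strict check, while the loose check also accepts a boolean true (and an integer 0 on PHP versions before 8).

```php
<?php
// Added example: loose (==) versus strict (===) secret comparison.
// The secret and the request payloads below are constructed for illustration.
$secret_key = 'test1235';

// Constructed request bodies, as they would arrive in $_GET['data'].
$payloads = [
    'correct string' => '{"key": "test1235"}',
    'wrong string'   => '{"key": "wrong"}',
    'boolean true'   => '{"key": true}',
    'integer zero'   => '{"key": 0}',
    'missing key'    => '{"other": 1}',
    'malformed json' => '{"key": ',
];

// Vulnerable check: == converts operands, so true (any PHP version)
// or 0 (PHP < 8) compares equal to a non-empty secret string.
function key_matches_loose(array $data, string $secret): bool {
    return isset($data['key']) && $data['key'] == $secret;
}

// Hardened check: === requires identical type and value, so only a
// string equal to the secret can pass.
function key_matches_strict(array $data, string $secret): bool {
    return isset($data['key']) && $data['key'] === $secret;
}

foreach ($payloads as $label => $json) {
    $data = json_decode($json, true);
    if (!is_array($data)) {
        $data = []; // malformed JSON is treated as no data, never as a match
    }
    printf("%-15s loose=%-5s strict=%s\n",
        $label,
        key_matches_loose($data, $secret_key) ? 'PASS' : 'deny',
        key_matches_strict($data, $secret_key) ? 'PASS' : 'deny');
}
```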

Contributors

dhakalananda