Bad Requests: Validate email-share-nonce field in Jetpack Share by Email requests.

obenland · obenland · commit ff8ccb8bd98c · 2026-03-29T01:30:24.000Z
Avoids a PHP warning when vulnerability scanners send the nonce as an array. git-svn-id: https://meta.svn.wordpress.org/sites/trunk@14775 74240141-8908-4e6f-9713-ba540dce6ec7
diff --git a/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php b/wordpress.org/public_html/wp-content/mu-plugins/pub/wporg-bad-request.php
@@ -215,6 +215,7 @@ function check_for_invalid_query_vars( $vars, $ref = '$public_query_vars' ) {
 		'source_email',
 		'source_f_name',
 		'source_name',
+		'email-share-nonce',
 	];
 
 	foreach ( $share_by_email_fields as $field ) {
