asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Additional sanitization for setup wizard

Browse Source
This commit is contained in:
Brian Miyaji
2021-11-09 03:51:03 +09:00
parent e09b26d85a
commit 02891af11c
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
includes/admin/class-sp-admin-setup-wizard.php
View File

@@ -305,7 +305,7 @@ class SP_Admin_Setup_Wizard {
check_admin_referer( 'sp-setup' ); check_admin_referer( 'sp-setup' );
// Update timezone // Update timezone
$timezone_string = $_POST['timezone_string']; $timezone_string = sanitize_text_field( $_POST['timezone_string'] );
if ( ! empty( $timezone_string ) && preg_match( '/^UTC[+-]/', $timezone_string ) ) { if ( ! empty( $timezone_string ) && preg_match( '/^UTC[+-]/', $timezone_string ) ) {
$gmt_offset = $timezone_string; $gmt_offset = $timezone_string;
$gmt_offset = preg_replace( '/UTC\+?/', '', $gmt_offset ); $gmt_offset = preg_replace( '/UTC\+?/', '', $gmt_offset );
@@ -492,7 +492,7 @@ class SP_Admin_Setup_Wizard {
if ( ! empty( $_POST['staff'] ) ) { if ( ! empty( $_POST['staff'] ) ) {
$post['post_type'] = 'sp_staff'; $post['post_type'] = 'sp_staff';
$post['post_title'] = $_POST['staff']; $post['post_title'] = sanitize_text_field( $_POST['staff'] );
$id = wp_insert_post( $post ); $id = wp_insert_post( $post );
// Add role // Add role