Add sanitization to event meta boxes

Brian Miyaji
2021-11-06 00:27:35 +09:00
parent 1baf375882
commit 39cf8f9662
9 changed files with 22 additions and 22 deletions


@@ -73,11 +73,11 @@ class SP_Meta_Box_Event_Details {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_day', sp_array_value( $_POST, 'sp_day', null ) );
update_post_meta( $post_id, 'sp_minutes', sp_array_value( $_POST, 'sp_minutes', get_option( 'sportspress_event_minutes', 90 ) ) );
update_post_meta( $post_id, 'sp_day', sp_array_value( $_POST, 'sp_day', null, 'text' ) );
update_post_meta( $post_id, 'sp_minutes', sp_array_value( $_POST, 'sp_minutes', get_option( 'sportspress_event_minutes', 90 ), 'int' ) );
$venues = array_filter( sp_array_value( sp_array_value( $_POST, 'tax_input', array() ), 'sp_venue', array() ) );
if ( empty( $venues ) ) {
$teams = sp_array_value( $_POST, 'sp_team', array() );
$teams = sp_array_value( $_POST, 'sp_team', array(), 'int' );
$team = reset( $teams );
$venue = sp_get_the_term_id( $team, 'sp_venue' );
wp_set_post_terms( $post_id, $venue, 'sp_venue' );
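Review bot: The `tax_input` / `sp_venue` read feeding `$venues` is the one `$_POST` access in this save() that still has no filter argument. In the visible lines it is only used for the `empty()` test, but the method continues past the end of the hunk, so any later use cannot be ruled out from here. If the venue inputs are term IDs, passing the filter on the outer call keeps the method consistent: `sp_array_value( sp_array_value( $_POST, 'tax_input', array() ), 'sp_venue', array(), 'int' )`. Separately, no nonce or capability check is visible in any of the save() hunks in this commit. If the caller performs them, the docblock should say so, e.g. `* Save meta box data. Nonce and capability are verified by the caller.`, because sanitization does not replace that check.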


@@ -34,6 +34,6 @@ class SP_Meta_Box_Event_Format {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'league' ) );
update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'league', 'text' ) );
}
}
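Review bot: The `'text'` filter on `sp_format` still lets any string through, so it only strips markup and does not restrict the value to a known format. The default `'league'` suggests this is a closed set of identifiers, as does `sp_mode` with its default `'team'` in SP_Meta_Box_Event_Mode. If so, checking the posted value against the list of registered formats with a strict `in_array( $value, $allowed, true )` and falling back to the default would be tighter than text sanitization. Here `$allowed` is a placeholder for whatever list the plugin already keeps. At minimum, a comment such as `// free-form text is accepted here; readers of sp_format must handle unknown values` would document the current contract.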


@@ -33,6 +33,6 @@ class SP_Meta_Box_Event_Mode {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_mode', sp_array_value( $_POST, 'sp_mode', 'team' ) );
update_post_meta( $post_id, 'sp_mode', sp_array_value( $_POST, 'sp_mode', 'team', 'text' ) );
}
}


@@ -70,6 +70,6 @@ class SP_Meta_Box_Event_Officials {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_officials', sp_array_value( $_POST, 'sp_officials', array() ) );
update_post_meta( $post_id, 'sp_officials', sp_array_value( $_POST, 'sp_officials', array(), 'int' ) );
}
}


@@ -69,13 +69,13 @@ class SP_Meta_Box_Event_Performance {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_players', sp_array_value( $_POST, 'sp_players', array() ) );
update_post_meta( $post_id, 'sp_order', sp_array_value( $_POST, 'sp_order', array() ) );
update_post_meta( $post_id, 'sp_timeline', sp_array_value( $_POST, 'sp_timeline', array() ) );
update_post_meta( $post_id, 'sp_stars', sp_array_value( $_POST, 'sp_stars', array() ) );
update_post_meta( $post_id, 'sp_players', sp_array_value( $_POST, 'sp_players', array(), 'text' ) );
update_post_meta( $post_id, 'sp_order', sp_array_value( $_POST, 'sp_order', array(), 'int' ) );
update_post_meta( $post_id, 'sp_timeline', sp_array_value( $_POST, 'sp_timeline', array(), 'text' ) );
update_post_meta( $post_id, 'sp_stars', sp_array_value( $_POST, 'sp_stars', array(), 'text' ) );
if ( isset( $_POST['sp_columns'] ) ) {
$columns = array_filter( (array) $_POST['sp_columns'] );
$columns = array_filter( (array) sp_array_value( $_POST, 'sp_columns', array(), 'text' ) );
update_post_meta( $post_id, 'sp_columns', $columns );
}
}
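Review bot: `sp_players`, `sp_order`, `sp_timeline`, `sp_stars` and `sp_columns` all default to `array()`, so the `'text'` and `'int'` filters are applied to arrays here, and `sp_array_value()` is defined outside this page. The hunk cannot confirm whether it recurses into nested arrays, or whether it sanitizes the array keys, which come from the request just like the values and are stored with them. The same question applies to the `sp_results` and `sp_players` reads in SP_Meta_Box_Event_Results and to `sp_specs`. Once confirmed against the helper, a comment above the first call would record it, e.g. `// sp_array_value() applies the filter to every leaf value; keys are stored as posted`. If keys are not filtered, they should go through a key sanitizer before `update_post_meta()`.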


@@ -34,11 +34,11 @@ class SP_Meta_Box_Event_Results {
* Save meta box data
*/
public static function save( $post_id, $post ) {
$results = (array)sp_array_value( $_POST, 'sp_results', array() );
$results = (array)sp_array_value( $_POST, 'sp_results', array(), 'text' );
$main_result = get_option( 'sportspress_primary_result', null );
// Get player performance
$performance = sp_array_value( $_POST, 'sp_players', array() );
$performance = sp_array_value( $_POST, 'sp_players', array(), 'text' );
// Initialize finished
$finished = false;
@@ -212,7 +212,7 @@ class SP_Meta_Box_Event_Results {
// Update meta
update_post_meta( $post_id, 'sp_results', $results );
update_post_meta( $post_id, 'sp_result_columns', sp_array_value( $_POST, 'sp_result_columns', array() ) );
update_post_meta( $post_id, 'sp_result_columns', sp_array_value( $_POST, 'sp_result_columns', array(), 'key' ) );
}
/**


@@ -48,6 +48,6 @@ class SP_Meta_Box_Event_Specs {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_specs', sp_array_value( $_POST, 'sp_specs', array() ) );
update_post_meta( $post_id, 'sp_specs', sp_array_value( $_POST, 'sp_specs', array(), 'text' ) );
}
}


@@ -143,7 +143,7 @@ class SP_Meta_Box_Event_Teams {
* Save meta box data
*/
public static function save( $post_id, $post ) {
$teams = sp_array_value( $_POST, 'sp_team', array() );
$teams = sp_array_value( $_POST, 'sp_team', array(), 'int' );
sp_update_post_meta_recursive( $post_id, 'sp_team', $teams );
@@ -159,14 +159,14 @@ class SP_Meta_Box_Event_Teams {
$tabs = array();
$sections = get_option( 'sportspress_event_performance_sections', -1 );
if ( -1 == $sections ) {
sp_update_post_meta_recursive( $post_id, 'sp_player', sp_array_value( $_POST, 'sp_player', array() ) );
sp_update_post_meta_recursive( $post_id, 'sp_player', sp_array_value( $_POST, 'sp_player', array(), 'int' ) );
} else {
$players = array_merge( sp_array_value( $_POST, 'sp_offense', array() ), sp_array_value( $_POST, 'sp_defense', array() ) );
sp_update_post_meta_recursive( $post_id, 'sp_offense', sp_array_value( $_POST, 'sp_offense', array() ) );
sp_update_post_meta_recursive( $post_id, 'sp_defense', sp_array_value( $_POST, 'sp_defense', array() ) );
$players = array_merge( sp_array_value( $_POST, 'sp_offense', array() ), sp_array_value( $_POST, 'sp_defense', array(), 'int' ) );
sp_update_post_meta_recursive( $post_id, 'sp_offense', sp_array_value( $_POST, 'sp_offense', array(), 'int' ) );
sp_update_post_meta_recursive( $post_id, 'sp_defense', sp_array_value( $_POST, 'sp_defense', array(), 'int' ) );
sp_update_post_meta_recursive( $post_id, 'sp_player', $players );
}
sp_update_post_meta_recursive( $post_id, 'sp_staff', sp_array_value( $_POST, 'sp_staff', array() ) );
sp_update_post_meta_recursive( $post_id, 'sp_staff', sp_array_value( $_POST, 'sp_staff', array(), 'int' ) );
}
}
}
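Review bot: In the `else` branch, the updated `array_merge(...)` line still reads `sp_offense` without a filter; only its `sp_defense` argument gained `'int'`. The merged `$players` array is what `sp_update_post_meta_recursive( $post_id, 'sp_player', $players )` writes a few lines later, so the unfiltered offense values still reach storage under `sp_player`. The first argument should match the rest of the method: `sp_array_value( $_POST, 'sp_offense', array(), 'int' )`. Reading each list once into a local (`$offense`, `$defense`) and reusing it for both the merge and the per-key update would stop the two reads from drifting apart again.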


@@ -42,6 +42,6 @@ class SP_Meta_Box_Event_Video {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_video', sp_array_value( $_POST, 'sp_video', null ) );
update_post_meta( $post_id, 'sp_video', sp_array_value( $_POST, 'sp_video', null, 'text' ) );
}
}
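Review bot: If `sp_video` holds a URL, which the name suggests but the hunk does not show, the `'text'` filter does not validate it as one. A text filter strips markup but does not restrict the scheme or the shape of the value. Passing the result through WordPress's `esc_url_raw()` before `update_post_meta()` would reject non-URL input at write time. That turns the `null` default into an empty string, so any reader that tests for `null` would need checking. If the field can also carry embed markup, a comment stating that would explain why `'text'` was chosen.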