asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX: Minor security issue

Browse Source
This commit is contained in:
savvasha
2021-09-26 16:22:35 +03:00
parent 12ab5579a9
commit 3e485f0a03
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
includes/admin/post-types/class-sp-admin-cpt-event.php
View File

@@ -262,7 +262,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
if ( $typenow != 'sp_event' ) if ( $typenow != 'sp_event' )
return; return;
$selected = isset( $_REQUEST['team'] ) ? $_REQUEST['team'] : null; $selected = isset( $_REQUEST['team'] ) ? esc_attr( $_REQUEST['team'] ) : null;
$args = array( $args = array(
'post_type' => 'sp_team', 'post_type' => 'sp_team',
'name' => 'team', 'name' => 'team',
@@ -272,7 +272,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
); );
wp_dropdown_pages( $args ); wp_dropdown_pages( $args );
$selected = isset( $_REQUEST['sp_league'] ) ? $_REQUEST['sp_league'] : null; $selected = isset( $_REQUEST['sp_league'] ) ? esc_attr( $_REQUEST['sp_league'] ) : null;
$args = array( $args = array(
'show_option_all' => __( 'Show all leagues', 'sportspress' ), 'show_option_all' => __( 'Show all leagues', 'sportspress' ),
'taxonomy' => 'sp_league', 'taxonomy' => 'sp_league',
@@ -281,7 +281,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
); );
sp_dropdown_taxonomies( $args ); sp_dropdown_taxonomies( $args );
$selected = isset( $_REQUEST['sp_season'] ) ? $_REQUEST['sp_season'] : null; $selected = isset( $_REQUEST['sp_season'] ) ? esc_attr( $_REQUEST['sp_season'] ) : null;
$args = array( $args = array(
'show_option_all' => __( 'Show all seasons', 'sportspress' ), 'show_option_all' => __( 'Show all seasons', 'sportspress' ),
'taxonomy' => 'sp_season', 'taxonomy' => 'sp_season',
@@ -290,7 +290,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
); );
sp_dropdown_taxonomies( $args ); sp_dropdown_taxonomies( $args );
$selected = isset( $_REQUEST['match_day'] ) ? $_REQUEST['match_day'] : null; $selected = isset( $_REQUEST['match_day'] ) ? esc_attr( $_REQUEST['match_day'] ) : null;
echo '<input name="match_day" type="text" class="sp-tablenav-input" placeholder="' . __( 'Match Day', 'sportspress' ) . '" value="' . $selected . '">'; echo '<input name="match_day" type="text" class="sp-tablenav-input" placeholder="' . __( 'Match Day', 'sportspress' ) . '" value="' . $selected . '">';
if ( current_user_can( 'edit_others_sp_events' ) ) if ( current_user_can( 'edit_others_sp_events' ) )