asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sanitize and unslash all inputs

Browse Source
This commit is contained in:
Brian Miyaji
2021-11-14 13:49:51 +09:00
parent 8873e5adeb
commit a605d7ed1a
30 changed files with 98 additions and 98 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
includes/admin/importers/class-sp-fixture-importer.php
View File

@@ -54,10 +54,10 @@ if ( class_exists( 'WP_Importer' ) ) {
$rows = array_chunk( $array, sizeof( $columns ) );
// Get event format, league, and season from post vars
$event_format = ( empty( $_POST['sp_format'] ) ? false : $_POST['sp_format'] );
$league = ( sp_array_value( $_POST, 'sp_league', '-1' ) == '-1' ? false : $_POST['sp_league'] );
$season = ( sp_array_value( $_POST, 'sp_season', '-1' ) == '-1' ? false : $_POST['sp_season'] );
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : $_POST['sp_date_format'] );
$event_format = ( empty( $_POST['sp_format'] ) ? false : sanitize_key( $_POST['sp_format'] ) );
$league = ( sp_array_value( $_POST, 'sp_league', '-1' ) == '-1' ? false : sanitize_key( $_POST['sp_league'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
$season = ( sp_array_value( $_POST, 'sp_season', '-1' ) == '-1' ? false : sanitize_key( $_POST['sp_season'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : sanitize_text_field( wp_unslash( $_POST['sp_date_format'] ) ) );
foreach ( $rows as $row ) :