Sanitize and unslash all inputs

Brian Miyaji
2021-11-14 13:49:51 +09:00
parent 8873e5adeb
commit a605d7ed1a
30 changed files with 98 additions and 98 deletions


@@ -235,16 +235,16 @@ function sportspress_sanitize_title( $title ) {
return $title;
elseif ( isset( $_POST ) && array_key_exists( 'post_type', $_POST ) && is_sp_config_type( $_POST['post_type'] ) ) :
elseif ( isset( $_POST ) && array_key_exists( 'post_type', $_POST ) && is_sp_config_type( sanitize_key( $_POST['post_type'] ) ) ) :
$key = isset( $_POST['sp_key'] ) ? sanitize_text_field( $_POST['sp_key'] ) : null;
$key = isset( $_POST['sp_key'] ) ? sanitize_text_field( wp_unslash( $_POST['sp_key'] ) ) : null;
if ( ! $key ) {
$key = isset( $_POST['sp_default_key'] ) ? sanitize_text_field( $_POST['sp_default_key'] ) : null;
$key = isset( $_POST['sp_default_key'] ) ? sanitize_text_field( wp_unslash( $_POST['sp_default_key'] ) ) : null;
}
if ( ! $key ) {
$key = sanitize_text_field( $_POST['post_title'] );
$key = sanitize_text_field( wp_unslash( $_POST['post_title'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
}
$id = sp_array_value( $_POST, 'post_ID', 'var', 'text' );