Sanitize and unslash all inputs
@@ -31,7 +31,7 @@ class SP_Admin_AJAX {
|
||||
function save_primary_result() {
|
||||
check_ajax_referer( 'sp-save-primary-result', 'nonce' );
|
||||
|
||||
$primary_result = sanitize_key( $_POST['primary_result'] );
|
||||
$primary_result = sanitize_key( $_POST['primary_result'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
|
||||
update_option( 'sportspress_primary_result', $primary_result );
|
||||
wp_send_json_success();
|
||||
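Review bot: The `// phpcs:ignore` on the new `sanitize_key( $_POST['primary_result'] )` line silences the sniff instead of adding the existence check it is asking for, so a request without that field raises an undefined-index warning and then stores an empty option; the `save_primary_performance` hunk below has the same pattern. Prefer `$primary_result = isset( $_POST['primary_result'] ) ? sanitize_key( wp_unslash( $_POST['primary_result'] ) ) : '';` and return `wp_send_json_error()` when it is empty rather than calling `update_option`. Only the nonce is verified in the visible lines; unless a capability check is registered around this AJAX action elsewhere, one should gate the option write. The method's closing brace is outside the hunk.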
@@ -45,7 +45,7 @@ class SP_Admin_AJAX {
|
||||
function save_primary_performance() {
|
||||
check_ajax_referer( 'sp-save-primary-performance', 'nonce' );
|
||||
|
||||
$primary_performance = sanitize_key( $_POST['primary_performance'] );
|
||||
$primary_performance = sanitize_key( $_POST['primary_performance'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
|
||||
update_option( 'sportspress_primary_performance', $primary_performance );
|
||||
wp_send_json_success();
|
||||
|
||||
@@ -94,7 +94,7 @@ if ( ! class_exists( 'SP_Admin_Permalink_Settings' ) ) :
|
||||
$key = 'sportspress_' . $slug[0] . '_slug';
|
||||
$value = null;
|
||||
if ( isset( $_POST[ $key ] ) ) {
|
||||
$value = sanitize_text_field( $_POST[ $key ] );
|
||||
$value = sanitize_text_field( wp_unslash( $_POST[ $key ] ) );
|
||||
}
|
||||
if ( empty( $value ) ) {
|
||||
delete_option( $key );
|
||||
|
||||
@@ -65,7 +65,7 @@ if ( ! class_exists( 'SP_Admin_Settings' ) ) :
|
||||
public static function save() {
|
||||
global $current_section, $current_tab;
|
||||
|
||||
if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( $_REQUEST['_wpnonce'], 'sportspress-settings' ) ) {
|
||||
if ( empty( $_REQUEST['_wpnonce'] ) || ! wp_verify_nonce( sanitize_key( $_REQUEST['_wpnonce'] ), 'sportspress-settings' ) ) {
|
||||
die( esc_html__( 'Action failed. Please refresh the page and retry.', 'sportspress' ) );
|
||||
}
|
||||
|
||||
@@ -152,8 +152,8 @@ if ( ! class_exists( 'SP_Admin_Settings' ) ) :
|
||||
self::get_settings_pages();
|
||||
|
||||
// Get current tab/section
|
||||
$current_tab = empty( $_GET['tab'] ) ? 'modules' : sanitize_title( $_GET['tab'] );
|
||||
$current_section = empty( $_REQUEST['section'] ) ? '' : sanitize_title( $_REQUEST['section'] );
|
||||
$current_tab = empty( $_GET['tab'] ) ? 'modules' : sanitize_title( wp_unslash( $_GET['tab'] ) );
|
||||
$current_section = empty( $_REQUEST['section'] ) ? '' : sanitize_title( wp_unslash( $_REQUEST['section'] ) );
|
||||
|
||||
// Save settings if data has been posted
|
||||
if ( ! empty( $_POST ) ) {
|
||||
@@ -162,11 +162,11 @@ if ( ! class_exists( 'SP_Admin_Settings' ) ) :
|
||||
|
||||
// Add any posted messages
|
||||
if ( ! empty( $_GET['sp_error'] ) ) {
|
||||
self::add_error( stripslashes( $_GET['sp_error'] ) );
|
||||
self::add_error( stripslashes( sanitize_text_field( wp_unslash( $_GET['sp_error'] ) ) ) );
|
||||
}
|
||||
|
||||
if ( ! empty( $_GET['sp_message'] ) ) {
|
||||
self::add_message( stripslashes( $_GET['sp_message'] ) );
|
||||
self::add_message( stripslashes( sanitize_text_field( wp_unslash( $_GET['sp_message'] ) ) ) );
|
||||
}
|
||||
|
||||
self::show_messages();
|
||||
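Review bot: The new `stripslashes( sanitize_text_field( wp_unslash( $_GET['sp_error'] ) ) )` unslashes twice, so a legitimate backslash in the message is removed after `wp_unslash` has already undone WordPress's magic quotes; the `sp_message` line has the same redundancy. Drop the outer call: `self::add_error( sanitize_text_field( wp_unslash( $_GET['sp_error'] ) ) );` and likewise for `add_message`. These values come straight from the query string and are reflected back by `show_messages`, which I assume escapes on output — worth confirming since that function is outside the hunk.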
@@ -737,7 +737,7 @@ if ( ! class_exists( 'SP_Admin_Settings' ) ) :
|
||||
|
||||
case 'textarea':
|
||||
if ( isset( $_POST[ $value['id'] ] ) ) {
|
||||
$option_value = wp_kses_post( trim( stripslashes( $_POST[ $value['id'] ] ) ) );
|
||||
$option_value = wp_kses_post( trim( stripslashes( sanitize_text_field( wp_unslash( $_POST[ $value['id'] ] ) ) ) ) );
|
||||
} else {
|
||||
$option_value = '';
|
||||
}
|
||||
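Review bot: Wrapping the textarea value in `sanitize_text_field` before `wp_kses_post` changes what is stored: `sanitize_text_field` strips all tags and line breaks, so `wp_kses_post` has nothing left to filter and multi-line or lightly formatted textarea settings are flattened to one line. `wp_kses_post` is already the sanitizer for this field type; the line should read `$option_value = wp_kses_post( trim( wp_unslash( $_POST[ $value['id'] ] ) ) );` (the `stripslashes` was also redundant once `wp_unslash` is applied). The enclosing `switch` and method continue outside the hunk.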
@@ -754,7 +754,7 @@ if ( ! class_exists( 'SP_Admin_Settings' ) ) :
|
||||
case 'password':
|
||||
case 'radio':
|
||||
if ( isset( $_POST[ $value['id'] ] ) ) {
|
||||
$option_value = sanitize_text_field( stripslashes( $_POST[ $value['id'] ] ) );
|
||||
$option_value = sanitize_text_field( wp_unslash( $_POST[ $value['id'] ] ) );
|
||||
} else {
|
||||
$option_value = '';
|
||||
}
|
||||
@@ -766,7 +766,7 @@ if ( ! class_exists( 'SP_Admin_Settings' ) ) :
|
||||
case 'multi_select_countries':
|
||||
// Get countries array
|
||||
if ( isset( $_POST[ $value['id'] ] ) ) {
|
||||
$selected_countries = array_map( 'sanitize_text_field', array_map( 'stripslashes', (array) $_POST[ $value['id'] ] ) );
|
||||
$selected_countries = array_map( 'sanitize_text_field', array_map( 'wp_unslash', (array) $_POST[ $value['id'] ] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
} else {
|
||||
$selected_countries = array();
|
||||
}
|
||||
|
||||
@@ -314,7 +314,7 @@ class SP_Admin_Setup_Wizard {
|
||||
check_admin_referer( 'sp-setup' );
|
||||
|
||||
// Update timezone
|
||||
$timezone_string = sanitize_text_field( $_POST['timezone_string'] );
|
||||
$timezone_string = sanitize_text_field( wp_unslash( $_POST['timezone_string'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
if ( ! empty( $timezone_string ) && preg_match( '/^UTC[+-]/', $timezone_string ) ) {
|
||||
$gmt_offset = $timezone_string;
|
||||
$gmt_offset = preg_replace( '/UTC\+?/', '', $gmt_offset );
|
||||
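Review bot: `sanitize_text_field( wp_unslash( $_POST['timezone_string'] ) )` still has no `isset` guard and the appended `phpcs:ignore` hides that; the same applies to the `sport`, `league`, `season`, `away_team`, `home_team` and `venue` hunks of this class. Use `$timezone_string = isset( $_POST['timezone_string'] ) ? sanitize_text_field( wp_unslash( $_POST['timezone_string'] ) ) : '';` in each place. Note that because `sanitize_text_field` always returns a string, the later `! is_string( $league )` / `! is_string( $season )` / `! is_string( $venue )` checks in those hunks are now dead and can be reduced to `empty()`. Where the timezone is eventually persisted (outside this hunk), `sanitize_option( 'timezone_string', … )` as used in the `SP_Settings_General` hunk would validate it against the known identifiers rather than accepting any text.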
@@ -330,14 +330,14 @@ class SP_Admin_Setup_Wizard {
|
||||
}
|
||||
|
||||
// Update sport
|
||||
$sport = sanitize_text_field( $_POST['sport'] );
|
||||
$sport = sanitize_text_field( wp_unslash( $_POST['sport'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
if ( ! empty( $sport ) && get_option( 'sportspress_sport', null ) !== $sport ) {
|
||||
SP_Admin_Sports::apply_preset( $sport );
|
||||
}
|
||||
update_option( 'sportspress_sport', $sport );
|
||||
|
||||
// Insert league
|
||||
$league = sanitize_text_field( $_POST['league'] );
|
||||
$league = sanitize_text_field( wp_unslash( $_POST['league'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
if ( ! is_string( $league ) || empty( $league ) ) {
|
||||
$league = _x( 'Primary League', 'example', 'sportspress' );
|
||||
}
|
||||
@@ -347,7 +347,7 @@ class SP_Admin_Setup_Wizard {
|
||||
}
|
||||
|
||||
// Insert season
|
||||
$season = sanitize_text_field( $_POST['season'] );
|
||||
$season = sanitize_text_field( wp_unslash( $_POST['season'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
if ( ! is_string( $season ) || empty( $season ) ) {
|
||||
$season = date( 'Y' );
|
||||
}
|
||||
@@ -401,7 +401,7 @@ class SP_Admin_Setup_Wizard {
|
||||
check_admin_referer( 'sp-setup' );
|
||||
|
||||
// Add away team
|
||||
$post['post_title'] = sanitize_text_field( $_POST['away_team'] );
|
||||
$post['post_title'] = sanitize_text_field( wp_unslash( $_POST['away_team'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
$post['post_type'] = 'sp_team';
|
||||
$post['post_status'] = 'publish';
|
||||
$post['tax_input'] = array();
|
||||
@@ -418,7 +418,7 @@ class SP_Admin_Setup_Wizard {
|
||||
wp_insert_post( $post );
|
||||
|
||||
// Add home team
|
||||
$post['post_title'] = sanitize_text_field( $_POST['home_team'] );
|
||||
$post['post_title'] = sanitize_text_field( wp_unslash( $_POST['home_team'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
wp_insert_post( $post );
|
||||
|
||||
wp_redirect( esc_url_raw( $this->get_next_step_link() ) );
|
||||
@@ -506,8 +506,8 @@ class SP_Admin_Setup_Wizard {
|
||||
)
|
||||
);
|
||||
}
|
||||
if ( is_array( $_POST['players'] ) ) {
|
||||
foreach ( $_POST['players'] as $i => $player ) {
|
||||
if ( is_array( $_POST['players'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
foreach ( $_POST['players'] as $i => $player ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
if ( empty( $player['name'] ) ) {
|
||||
continue;
|
||||
}
|
||||
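Review bot: The `is_array( $_POST['players'] )` line gains only a `phpcs:ignore`; it still dereferences the key without `isset`, and the `foreach` iterates the raw, still-slashed array, so each `$player` entry reaches the code after the hunk unsanitized (I cannot see whether `$player['name']` is sanitized there). Suggest `if ( isset( $_POST['players'] ) && is_array( $_POST['players'] ) ) {` and `foreach ( wp_unslash( $_POST['players'] ) as $i => $player ) {`, with `sanitize_text_field` applied to each field at the point it is used. The loop body continues past the end of the hunk.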
@@ -534,7 +534,7 @@ class SP_Admin_Setup_Wizard {
|
||||
if ( ! empty( $_POST['staff'] ) ) {
|
||||
|
||||
$post['post_type'] = 'sp_staff';
|
||||
$post['post_title'] = sanitize_text_field( $_POST['staff'] );
|
||||
$post['post_title'] = sanitize_text_field( wp_unslash( $_POST['staff'] ) );
|
||||
$id = wp_insert_post( $post );
|
||||
|
||||
// Add role
|
||||
@@ -606,7 +606,7 @@ class SP_Admin_Setup_Wizard {
|
||||
$team = reset( $teams );
|
||||
|
||||
// Insert venue
|
||||
$venue = sanitize_text_field( $_POST['venue'] );
|
||||
$venue = sanitize_text_field( wp_unslash( $_POST['venue'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
if ( ! is_string( $venue ) || empty( $venue ) ) {
|
||||
$venue = sp_array_value( $_POST, 'address', esc_attr__( 'Venue', 'sportspress' ) );
|
||||
}
|
||||
|
||||
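Review bot: The fallback branch still stores `sp_array_value( $_POST, 'address', … )` unslashed and unsanitized even though the primary `venue` value now goes through `sanitize_text_field( wp_unslash( … ) )`. Apply the same treatment: `$venue = sanitize_text_field( wp_unslash( sp_array_value( $_POST, 'address', esc_attr__( 'Venue', 'sportspress' ) ) ) );`. The `! is_string( $venue )` test is dead after `sanitize_text_field`, which always returns a string, so `empty( $venue )` alone suffices. Where `$venue` is inserted is outside the hunk.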
@@ -267,10 +267,10 @@ class SP_Admin_Taxonomies {
|
||||
if ( isset( $_POST['term_meta'] ) ) {
|
||||
$t_id = $term_id;
|
||||
$term_meta = get_option( "taxonomy_$t_id" );
|
||||
$cat_keys = array_keys( $_POST['term_meta'] );
|
||||
$cat_keys = array_keys( wp_unslash( $_POST['term_meta'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
foreach ( $cat_keys as $key ) {
|
||||
if ( isset( $_POST['term_meta'][ $key ] ) ) {
|
||||
$term_meta[ $key ] = sanitize_text_field( $_POST['term_meta'][ $key ] );
|
||||
$term_meta[ $key ] = sanitize_text_field( wp_unslash( $_POST['term_meta'][ $key ] ) );
|
||||
}
|
||||
}
|
||||
update_option( "taxonomy_$t_id", $term_meta );
|
||||
|
||||
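Review bot: The values are now sanitized but the keys of `$_POST['term_meta']` are still taken verbatim from the request and used as array keys written into the `taxonomy_$t_id` option. If term meta keys are expected to be slugs (which the option usage suggests — please confirm), add `$key = sanitize_key( $key );` as the first statement of the `foreach` and look up `$_POST['term_meta']` with the sanitized key. Separately, `get_option( "taxonomy_$t_id" )` can return `false`, and `$term_meta[ $key ] = …` on `false` is deprecated auto-vivification in PHP 8.1; `$term_meta = (array) get_option( "taxonomy_$t_id" );` avoids that. No nonce or capability check is visible in this hunk; I assume the save hook is guarded elsewhere.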
@@ -146,14 +146,14 @@ class SP_Admin_Welcome {
|
||||
<h2 class="nav-tab-wrapper">
|
||||
<a class="nav-tab
|
||||
<?php
|
||||
if ( $_GET['page'] == 'sp-about' ) {
|
||||
if ( sanitize_key( $_GET['page'] ) == 'sp-about' ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
echo 'nav-tab-active';}
|
||||
?>
|
||||
" href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'sp-about' ), 'index.php' ) ) ); ?>">
|
||||
<?php esc_html_e( 'Welcome', 'sportspress' ); ?>
|
||||
</a><a class="nav-tab
|
||||
<?php
|
||||
if ( $_GET['page'] == 'sp-credits' ) {
|
||||
if ( sanitize_key( $_GET['page'] ) == 'sp-credits' ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
echo 'nav-tab-active';}
|
||||
?>
|
||||
" href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'sp-credits' ), 'index.php' ) ) ); ?>">
|
||||
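Review bot: Both new conditions compare the sanitized page slug with loose `==`, and `$_GET['page']` is still read without `isset` under a `phpcs:ignore`. Use strict comparison with a guard: `if ( isset( $_GET['page'] ) && 'sp-about' === sanitize_key( $_GET['page'] ) ) {` and the same with `'sp-credits'` a few lines below. Since `sanitize_key` lowercases and strips the value, `===` is safe here and avoids PHP's loose string/number coercion rules.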
@@ -177,11 +177,11 @@ class SP_Admin_Welcome {
|
||||
<?php
|
||||
// Save settings
|
||||
if ( isset( $_POST['timezone_string'] ) ) :
|
||||
update_option( 'timezone_string', sanitize_text_field( $_POST['timezone_string'] ) );
|
||||
update_option( 'timezone_string', sanitize_text_field( wp_unslash( $_POST['timezone_string'] ) ) );
|
||||
update_option( 'sportspress_basic_setup', 1 );
|
||||
endif;
|
||||
if ( isset( $_POST['sportspress_sport'] ) && ! empty( $_POST['sportspress_sport'] ) ) :
|
||||
$sport = sanitize_text_field( $_POST['sportspress_sport'] );
|
||||
$sport = sanitize_text_field( wp_unslash( $_POST['sportspress_sport'] ) );
|
||||
SP_Admin_Sports::apply_preset( $sport );
|
||||
update_option( 'sportspress_sport', $sport );
|
||||
delete_option( '_sp_needs_welcome' );
|
||||
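Review bot: `sanitize_text_field` accepts any text, so an invalid timezone identifier posted here is written straight into the core `timezone_string` option; the `SP_Settings_General` hunk in this same commit uses `sanitize_option( 'timezone_string', wp_unslash( … ) )`, which validates against the known identifier list. For consistency and correctness, use `update_option( 'timezone_string', sanitize_option( 'timezone_string', wp_unslash( $_POST['timezone_string'] ) ) );` here too. No nonce or capability check is visible in this hunk before the option writes; I assume the welcome page handler verifies them earlier, but that is outside my view.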
@@ -439,7 +439,7 @@ class SP_Admin_Welcome {
|
||||
return;
|
||||
}
|
||||
|
||||
if ( ( isset( $_GET['action'] ) && 'upgrade-plugin' == $_GET['action'] ) && ( isset( $_GET['plugin'] ) && strstr( $_GET['plugin'], 'sportspress.php' ) ) ) {
|
||||
if ( ( isset( $_GET['action'] ) && 'upgrade-plugin' == sanitize_key( $_GET['action'] ) ) && ( isset( $_GET['plugin'] ) && strstr( $_GET['plugin'], 'sportspress.php' ) ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
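Review bot: The second half of the new condition still passes the raw `$_GET['plugin']` to `strstr`, and the `phpcs:ignore` appended to the line masks it; the first half also keeps a loose `==`. Suggest `if ( ( isset( $_GET['action'] ) && 'upgrade-plugin' === sanitize_key( $_GET['action'] ) ) && ( isset( $_GET['plugin'] ) && false !== strpos( sanitize_text_field( wp_unslash( $_GET['plugin'] ) ), 'sportspress.php' ) ) ) {`. The value is only used for a comparison here, so the risk is low, but the line then needs no sniff exclusion at all.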
@@ -85,7 +85,7 @@ class SP_Admin {
|
||||
public function prevent_admin_access() {
|
||||
$prevent_access = false;
|
||||
|
||||
if ( 'yes' == get_option( 'sportspress_lock_down_admin' ) && ! is_ajax() && ! ( current_user_can( 'edit_posts' ) || current_user_can( 'manage_sportspress' ) ) && basename( $_SERVER['SCRIPT_FILENAME'] ) !== 'admin-post.php' ) {
|
||||
if ( 'yes' == get_option( 'sportspress_lock_down_admin' ) && ! is_ajax() && ! ( current_user_can( 'edit_posts' ) || current_user_can( 'manage_sportspress' ) ) && basename( $_SERVER['SCRIPT_FILENAME'] ) !== 'admin-post.php' ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
$prevent_access = true;
|
||||
}
|
||||
|
||||
|
||||
@@ -58,10 +58,10 @@ if ( class_exists( 'WP_Importer' ) ) {
|
||||
$rows = array_chunk( $array, sizeof( $columns ) );
|
||||
|
||||
// Get event format, league, and season from post vars
|
||||
$event_format = ( empty( $_POST['sp_format'] ) ? false : sanitize_text_field( $_POST['sp_format'] ) );
|
||||
$league = ( sp_array_value( $_POST, 'sp_league', '-1' ) == '-1' ? false : sanitize_text_field( $_POST['sp_league'] ) );
|
||||
$season = ( sp_array_value( $_POST, 'sp_season', '-1' ) == '-1' ? false : sanitize_text_field( $_POST['sp_season'] ) );
|
||||
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : sanitize_text_field( $_POST['sp_date_format'] ) );
|
||||
$event_format = ( empty( $_POST['sp_format'] ) ? false : sanitize_key( $_POST['sp_format'] ) );
|
||||
$league = ( sp_array_value( $_POST, 'sp_league', '-1' ) == '-1' ? false : sanitize_key( $_POST['sp_league'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
$season = ( sp_array_value( $_POST, 'sp_season', '-1' ) == '-1' ? false : sanitize_key( $_POST['sp_season'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : sanitize_text_field( wp_unslash( $_POST['sp_date_format'] ) ) );
|
||||
|
||||
// Get labels from result and performance post types
|
||||
$result_labels = sp_get_var_labels( 'sp_result' );
|
||||
|
||||
@@ -52,10 +52,10 @@ if ( class_exists( 'WP_Importer' ) ) {
|
||||
$rows = array_chunk( $array, sizeof( $columns ) );
|
||||
|
||||
// Get event ID and team ID from post vars
|
||||
$event = ( empty( $_POST['sp_event'] ) ? false : sanitize_text_field( $_POST['sp_event'] ) );
|
||||
$teams = ( empty( $_POST['sp_teams'] ) ? false : sanitize_text_field( $_POST['sp_teams'] ) );
|
||||
$index = ( empty( $_POST['sp_index'] ) ? false : sanitize_text_field( $_POST['sp_index'] ) );
|
||||
$team = ( empty( $_POST['sp_team'] ) ? false : sanitize_text_field( $_POST['sp_team'] ) );
|
||||
$event = ( empty( $_POST['sp_event'] ) ? false : sanitize_text_field( wp_unslash( $_POST['sp_event'] ) ) );
|
||||
$teams = ( empty( $_POST['sp_teams'] ) ? false : sanitize_text_field( wp_unslash( $_POST['sp_teams'] ) ) );
|
||||
$index = ( empty( $_POST['sp_index'] ) ? false : sanitize_text_field( wp_unslash( $_POST['sp_index'] ) ) );
|
||||
$team = ( empty( $_POST['sp_team'] ) ? false : sanitize_text_field( wp_unslash( $_POST['sp_team'] ) ) );
|
||||
|
||||
$team_players = array( 0 );
|
||||
$team_performance = array();
|
||||
|
||||
@@ -54,10 +54,10 @@ if ( class_exists( 'WP_Importer' ) ) {
|
||||
$rows = array_chunk( $array, sizeof( $columns ) );
|
||||
|
||||
// Get event format, league, and season from post vars
|
||||
$event_format = ( empty( $_POST['sp_format'] ) ? false : $_POST['sp_format'] );
|
||||
$league = ( sp_array_value( $_POST, 'sp_league', '-1' ) == '-1' ? false : $_POST['sp_league'] );
|
||||
$season = ( sp_array_value( $_POST, 'sp_season', '-1' ) == '-1' ? false : $_POST['sp_season'] );
|
||||
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : $_POST['sp_date_format'] );
|
||||
$event_format = ( empty( $_POST['sp_format'] ) ? false : sanitize_key( $_POST['sp_format'] ) );
|
||||
$league = ( sp_array_value( $_POST, 'sp_league', '-1' ) == '-1' ? false : sanitize_key( $_POST['sp_league'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
$season = ( sp_array_value( $_POST, 'sp_season', '-1' ) == '-1' ? false : sanitize_key( $_POST['sp_season'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : sanitize_text_field( wp_unslash( $_POST['sp_date_format'] ) ) );
|
||||
|
||||
foreach ( $rows as $row ) :
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ if ( class_exists( 'WP_Importer' ) ) {
|
||||
$this->header();
|
||||
|
||||
if ( ! empty( $_POST['delimiter'] ) ) {
|
||||
$this->delimiter = stripslashes( trim( sanitize_text_field( $_POST['delimiter'] ) ) );
|
||||
$this->delimiter = stripslashes( trim( sanitize_text_field( wp_unslash( $_POST['delimiter'] ) ) ) );
|
||||
}
|
||||
|
||||
if ( ! $this->delimiter ) {
|
||||
@@ -87,8 +87,8 @@ if ( class_exists( 'WP_Importer' ) ) {
|
||||
case 2:
|
||||
check_admin_referer( 'import-upload' );
|
||||
if ( isset( $_POST['sp_import'] ) ) :
|
||||
$columns = array_filter( sp_array_value( $_POST, 'sp_columns', array( 'post_title' ) ) );
|
||||
$this->import( $_POST['sp_import'], array_values( $columns ) );
|
||||
$columns = array_filter( array_map( 'sanitize_key', array_map( 'wp_unslash', sp_array_value( $_POST, 'sp_columns', array( 'post_title' ) ) ) ) );
|
||||
$this->import( $_POST['sp_import'], array_values( $columns ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
endif;
|
||||
break;
|
||||
endswitch;
|
||||
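Review bot: `$this->import( $_POST['sp_import'], … )` still passes the raw, slashed value into the importer; the new `phpcs:ignore` documents the gap rather than closing it. If `sp_import` is a scalar (an attachment ID or path, as the name suggests — please confirm), `$this->import( sanitize_text_field( wp_unslash( $_POST['sp_import'] ) ), array_values( $columns ) );` removes the exclusion. The column names are now keyed through `sanitize_key`, so the entry that ends up in `import()` is the only unsanitized input left on this line.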
@@ -249,9 +249,9 @@ endwhile;
|
||||
|
||||
} else {
|
||||
|
||||
if ( file_exists( ABSPATH . $_POST['file_url'] ) ) {
|
||||
if ( file_exists( ABSPATH . sanitize_url( wp_unslash( $_POST['file_url'] ) ) ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
|
||||
$this->file_url = sanitize_url( $_POST['file_url'] );
|
||||
$this->file_url = sanitize_url( wp_unslash( $_POST['file_url'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
|
||||
} else {
|
||||
|
||||
|
||||
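Review bot: `sanitize_url` does not constrain `file_url` to a location under `ABSPATH`; it is a URL sanitizer, and the value is used here as a filesystem path fragment, so parent-directory segments pass through unchanged and the `file_exists` check only confirms that whatever was named exists. Resolve the path with `realpath` and require it to stay inside `ABSPATH` (or the uploads directory, if that is where imports live) before accepting it; since the value is a path, `sanitize_text_field` is also the more appropriate sanitizer than `sanitize_url`, assuming `$this->file_url` is not later used as a URL (outside the hunk). The else branch and surrounding method continue outside the hunk.
```php
$file_url = isset( $_POST['file_url'] ) ? sanitize_text_field( wp_unslash( $_POST['file_url'] ) ) : '';
$base     = realpath( ABSPATH );
$path     = '' === $file_url ? false : realpath( ABSPATH . ltrim( $file_url, '/\\' ) );
if ( false !== $path && false !== $base && 0 === strpos( $path, $base . DIRECTORY_SEPARATOR ) && is_file( $path ) ) {

    $this->file_url = $file_url;

} else {
    // … unchanged: error branch …
```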
@@ -56,7 +56,7 @@ if ( class_exists( 'WP_Importer' ) ) {
|
||||
$rows = array_chunk( $array, sizeof( $columns ) );
|
||||
|
||||
// Get Date of Birth format from post vars
|
||||
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : sanitize_text_field( $_POST['sp_date_format'] ) );
|
||||
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : sanitize_text_field( wp_unslash( $_POST['sp_date_format'] ) ) );
|
||||
|
||||
foreach ( $rows as $row ) :
|
||||
|
||||
|
||||
@@ -311,7 +311,7 @@ if ( ! class_exists( 'SP_Admin_CPT_Event' ) ) :
|
||||
);
|
||||
sp_dropdown_taxonomies( $args );
|
||||
|
||||
$selected = isset( $_REQUEST['match_day'] ) ? sanitize_text_field( $_REQUEST['match_day'] ) : null;
|
||||
$selected = isset( $_REQUEST['match_day'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['match_day'] ) ) : null;
|
||||
echo '<input name="match_day" type="text" class="sp-tablenav-input" placeholder="' . esc_attr__( 'Match Day', 'sportspress' ) . '" value="' . esc_attr( $selected ) . '">';
|
||||
|
||||
if ( current_user_can( 'edit_others_sp_events' ) ) {
|
||||
@@ -336,14 +336,14 @@ if ( ! class_exists( 'SP_Admin_CPT_Event' ) ) :
|
||||
if ( ! empty( $_GET['team'] ) ) {
|
||||
$query->query_vars['meta_query'][] = array(
|
||||
'key' => 'sp_team',
|
||||
'value' => $_GET['team'],
|
||||
'value' => sanitize_key( $_GET['team'] ),
|
||||
);
|
||||
}
|
||||
|
||||
if ( ! empty( $_GET['match_day'] ) ) {
|
||||
$query->query_vars['meta_query'][] = array(
|
||||
'key' => 'sp_day',
|
||||
'value' => $_GET['match_day'],
|
||||
'value' => sanitize_text_field( wp_unslash( $_GET['match_day'] ) ),
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -313,7 +313,7 @@ if ( ! class_exists( 'SP_Admin_CPT_Player' ) ) :
|
||||
}
|
||||
|
||||
$_POST += array( "{$this->type}_edit_nonce" => '' );
|
||||
if ( ! wp_verify_nonce( $_POST[ "{$this->type}_edit_nonce" ], plugin_basename( __FILE__ ) ) ) {
|
||||
if ( ! isset( $_POST[ "{$this->type}_edit_nonce" ] ) || ! wp_verify_nonce( sanitize_key( $_POST[ "{$this->type}_edit_nonce" ] ), plugin_basename( __FILE__ ) ) ) {
|
||||
return $post_id;
|
||||
}
|
||||
|
||||
@@ -325,7 +325,7 @@ if ( ! class_exists( 'SP_Admin_CPT_Player' ) ) :
|
||||
}
|
||||
|
||||
if ( isset( $_POST['sp_number'] ) ) {
|
||||
update_post_meta( $post_id, 'sp_number', $_POST['sp_number'] );
|
||||
update_post_meta( $post_id, 'sp_number', sanitize_text_field( wp_unslash( $_POST['sp_number'] ) ) );
|
||||
}
|
||||
|
||||
sp_update_post_meta_recursive( $post_id, 'sp_current_team', sp_array_value( $_POST, 'sp_current_team', array() ) );
|
||||
@@ -391,11 +391,11 @@ if ( ! class_exists( 'SP_Admin_CPT_Player' ) ) :
|
||||
*/
|
||||
public function bulk_save() {
|
||||
$_POST += array( 'nonce' => '' );
|
||||
if ( ! wp_verify_nonce( $_POST['nonce'], plugin_basename( __FILE__ ) ) ) {
|
||||
if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['nonce'] ), plugin_basename( __FILE__ ) ) ) {
|
||||
return;
|
||||
}
|
||||
|
||||
$post_ids = ( ! empty( $_POST['post_ids'] ) ) ? $_POST['post_ids'] : array();
|
||||
$post_ids = ( ! empty( $_POST['post_ids'] ) ) ? $_POST['post_ids'] : array(); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
|
||||
$current_teams = sp_array_value( $_POST, 'current_teams', array() );
|
||||
$past_teams = sp_array_value( $_POST, 'past_teams', array() );
|
||||
|
||||
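Review bot: `$post_ids` is still the raw `$_POST['post_ids']` array, with a `phpcs:ignore` added instead of sanitization, and it feeds the bulk update below the hunk. Post IDs are integers, so `$post_ids = ( ! empty( $_POST['post_ids'] ) ) ? array_map( 'absint', (array) wp_unslash( $_POST['post_ids'] ) ) : array();` both sanitizes and drops the sniff exclusion. The `current_teams` / `past_teams` arrays on the following lines are also passed through raw; the same `absint` map applies if they hold team post IDs (hedged — their shape is not visible here). Only the nonce is checked in this hunk; the capability check for editing each post is presumably elsewhere in `bulk_save`, which continues outside the hunk.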
@@ -58,10 +58,10 @@ if ( ! class_exists( 'SP_Admin_CPT' ) ) :
|
||||
if ( ! empty( $_GET['post_type'] ) && $this->type == $_GET['post_type'] ) {
|
||||
return true;
|
||||
}
|
||||
if ( ! empty( $_GET['post'] ) && $this->type == get_post_type( $_GET['post'] ) ) {
|
||||
if ( ! empty( $_GET['post'] ) && $this->type == get_post_type( sanitize_key( $_GET['post'] ) ) ) {
|
||||
return true;
|
||||
}
|
||||
if ( ! empty( $_REQUEST['post_id'] ) && $this->type == get_post_type( $_REQUEST['post_id'] ) ) {
|
||||
if ( ! empty( $_REQUEST['post_id'] ) && $this->type == get_post_type( sanitize_key( $_REQUEST['post_id'] ) ) ) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
||||
@@ -329,7 +329,7 @@ class SP_Admin_Meta_Boxes {
|
||||
if ( is_int( wp_is_post_autosave( $post ) ) ) {
|
||||
return;
|
||||
}
|
||||
if ( empty( $_POST['sportspress_meta_nonce'] ) || ! wp_verify_nonce( $_POST['sportspress_meta_nonce'], 'sportspress_save_data' ) ) {
|
||||
if ( empty( $_POST['sportspress_meta_nonce'] ) || ! wp_verify_nonce( sanitize_key( $_POST['sportspress_meta_nonce'] ), 'sportspress_save_data' ) ) {
|
||||
return;
|
||||
}
|
||||
if ( ! apply_filters( 'sportspress_user_can', current_user_can( 'edit_post', $post_id ), $post_id ) ) {
|
||||
|
||||
@@ -520,7 +520,7 @@ if ( ! class_exists( 'SP_Settings_Events' ) ) :
|
||||
parent::save();
|
||||
|
||||
if ( isset( $_POST['sportspress_event_teams_delimiter'] ) ) {
|
||||
update_option( 'sportspress_event_teams_delimiter', sanitize_text_field( $_POST['sportspress_event_teams_delimiter'] ) );
|
||||
update_option( 'sportspress_event_teams_delimiter', sanitize_text_field( wp_unslash( $_POST['sportspress_event_teams_delimiter'] ) ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -281,27 +281,27 @@ if ( ! class_exists( 'SP_Settings_General' ) ) :
|
||||
SP_Admin_Settings::save_fields( $settings );
|
||||
|
||||
// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
|
||||
if ( ! empty( $_POST['timezone_string'] ) && preg_match( '/^UTC[+-]/', $_POST['timezone_string'] ) ) {
|
||||
$_POST['gmt_offset'] = preg_replace( '/UTC\+?/', '', sanitize_text_field( $_POST['timezone_string'] ) );
|
||||
if ( ! empty( $_POST['timezone_string'] ) && preg_match( '/^UTC[+-]/', $_POST['timezone_string'] ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
$_POST['gmt_offset'] = preg_replace( '/UTC\+?/', '', sanitize_text_field( wp_unslash( $_POST['timezone_string'] ) ) );
|
||||
$_POST['timezone_string'] = '';
|
||||
}
|
||||
|
||||
if ( isset( $_POST['timezone_string'] ) ) {
|
||||
update_option( 'timezone_string', sanitize_option( 'timezone_string', $_POST['timezone_string'] ) );
|
||||
update_option( 'timezone_string', sanitize_option( 'timezone_string', wp_unslash( $_POST['timezone_string'] ) ) );
|
||||
}
|
||||
|
||||
if ( isset( $_POST['gmt_offset'] ) ) {
|
||||
update_option( 'gmt_offset', sanitize_option( 'gmt_offset', $_POST['gmt_offset'] ) );
|
||||
update_option( 'gmt_offset', sanitize_option( 'gmt_offset', wp_unslash( $_POST['gmt_offset'] ) ) );
|
||||
}
|
||||
|
||||
if ( isset( $_POST['sportspress_frontend_css_primary'] ) ) {
|
||||
|
||||
// Save settings
|
||||
$primary = ( ! empty( $_POST['sportspress_frontend_css_primary'] ) ) ? sp_format_hex( $_POST['sportspress_frontend_css_primary'] ) : '';
|
||||
$background = ( ! empty( $_POST['sportspress_frontend_css_background'] ) ) ? sp_format_hex( $_POST['sportspress_frontend_css_background'] ) : '';
|
||||
$text = ( ! empty( $_POST['sportspress_frontend_css_text'] ) ) ? sp_format_hex( $_POST['sportspress_frontend_css_text'] ) : '';
|
||||
$heading = ( ! empty( $_POST['sportspress_frontend_css_heading'] ) ) ? sp_format_hex( $_POST['sportspress_frontend_css_heading'] ) : '';
|
||||
$link = ( ! empty( $_POST['sportspress_frontend_css_link'] ) ) ? sp_format_hex( $_POST['sportspress_frontend_css_link'] ) : '';
|
||||
$primary = ( ! empty( $_POST['sportspress_frontend_css_primary'] ) ) ? sp_format_hex( sanitize_text_field( wp_unslash( $_POST['sportspress_frontend_css_primary'] ) ) ) : '';
|
||||
$background = ( ! empty( $_POST['sportspress_frontend_css_background'] ) ) ? sp_format_hex( sanitize_text_field( wp_unslash( $_POST['sportspress_frontend_css_background'] ) ) ) : '';
|
||||
$text = ( ! empty( $_POST['sportspress_frontend_css_text'] ) ) ? sp_format_hex( sanitize_text_field( wp_unslash( $_POST['sportspress_frontend_css_text'] ) ) ) : '';
|
||||
$heading = ( ! empty( $_POST['sportspress_frontend_css_heading'] ) ) ? sp_format_hex( sanitize_text_field( wp_unslash( $_POST['sportspress_frontend_css_heading'] ) ) ) : '';
|
||||
$link = ( ! empty( $_POST['sportspress_frontend_css_link'] ) ) ? sp_format_hex( sanitize_text_field( wp_unslash( $_POST['sportspress_frontend_css_link'] ) ) ) : '';
|
||||
$customize = ( ! empty( $_POST['sportspress_frontend_css_customize'] ) ) ? 1 : '';
|
||||
|
||||
$colors = array(
|
||||
|
||||
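Review bot: The `preg_match( '/^UTC[+-]/', $_POST['timezone_string'] )` condition still runs on the raw request value (with a `phpcs:ignore` appended), and on PHP 8 a non-string value for that key makes `preg_match` throw a `TypeError` rather than fail the check. Read the value once into a local and use it in both places: `$tz = isset( $_POST['timezone_string'] ) ? sanitize_text_field( wp_unslash( $_POST['timezone_string'] ) ) : '';`, `if ( '' !== $tz && preg_match( '/^UTC[+-]/', $tz ) ) {` and `$_POST['gmt_offset'] = preg_replace( '/UTC\+?/', '', $tz );`. The later `sanitize_option( 'gmt_offset', … )` / `sanitize_option( 'timezone_string', … )` calls are the right choice and can stay as written.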
@@ -134,7 +134,7 @@ if ( ! class_exists( 'SP_Settings_Licenses' ) ) :
|
||||
}
|
||||
|
||||
// retrieve the license key
|
||||
$license = trim( sanitize_text_field( $_POST[ 'sp_license_key_' . $id ] ) );
|
||||
$license = trim( sanitize_text_field( wp_unslash( $_POST[ 'sp_license_key_' . $id ] ) ) );
|
||||
|
||||
// get the name of the product
|
||||
$name = $this->licenses[ $id ]['name'];
|
||||
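Review bot: `$_POST[ 'sp_license_key_' . $id ]` is still dereferenced without `isset`, so a settings save that omits one license field emits an undefined-index warning before `trim` runs; the hunk at `@@ -189` in this class has the identical line. Use `$license = isset( $_POST[ 'sp_license_key_' . $id ] ) ? trim( sanitize_text_field( wp_unslash( $_POST[ 'sp_license_key_' . $id ] ) ) ) : '';` in both places. The surrounding method begins and ends outside the hunk.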
@@ -189,7 +189,7 @@ if ( ! class_exists( 'SP_Settings_Licenses' ) ) :
|
||||
}
|
||||
|
||||
// retrieve the license key
|
||||
$license = trim( sanitize_text_field( $_POST[ 'sp_license_key_' . $id ] ) );
|
||||
$license = trim( sanitize_text_field( wp_unslash( $_POST[ 'sp_license_key_' . $id ] ) ) );
|
||||
|
||||
// get the name of the product
|
||||
$name = $this->licenses[ $id ]['name'];
|
||||
|
||||
@@ -81,7 +81,7 @@ if ( ! class_exists( 'SP_Settings_Page' ) ) :
|
||||
}
|
||||
|
||||
if ( isset( $_POST['sportspress_template_visibility'] ) && is_array( $_POST['sportspress_template_visibility'] ) ) {
|
||||
foreach ( $_POST['sportspress_template_visibility'] as $option => $toggled ) {
|
||||
foreach ( $_POST['sportspress_template_visibility'] as $option => $toggled ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
if ( $toggled ) {
|
||||
update_option( $option, 'yes' );
|
||||
} else {
|
||||
|
||||
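Review bot: The loop key `$option` comes directly from `$_POST['sportspress_template_visibility']` and is passed as the option name to `update_option`, so the request decides which option gets written; the added `phpcs:ignore` does not change that. Validate the key against the set of template-visibility options this settings page actually renders (placeholder name `$allowed_options` below — build it from the same list used to output the form) and run it through `sanitize_key` first, skipping anything else. The nonce and capability checks for this save path are not visible in the hunk; even with them, restricting the writable option names is the cheap defence here. The else branch and method continue outside the hunk.
```php
if ( isset( $_POST['sportspress_template_visibility'] ) && is_array( $_POST['sportspress_template_visibility'] ) ) {
    foreach ( wp_unslash( $_POST['sportspress_template_visibility'] ) as $option => $toggled ) {
        $option = sanitize_key( $option );
        // Only the template-visibility options this page renders may be written.
        if ( ! in_array( $option, $allowed_options, true ) ) {
            continue;
        }
        if ( $toggled ) {
            update_option( $option, 'yes' );
        } else {
            // … unchanged: disable branch …
```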
@@ -87,7 +87,7 @@ if ( ! class_exists( 'SP_Settings_Status' ) ) :
|
||||
</tr>
|
||||
<tr>
|
||||
<td><?php esc_html_e( 'Web Server Info', 'sportspress' ); ?>:</td>
|
||||
<td><?php echo esc_html( $_SERVER['SERVER_SOFTWARE'] ); ?></td>
|
||||
<td><?php echo esc_html( wp_unslash( $_SERVER['SERVER_SOFTWARE'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><?php esc_html_e( 'PHP Version', 'sportspress' ); ?>:</td>
|
||||
|
||||
@@ -81,7 +81,7 @@ if ( ! class_exists( 'SP_Settings_Text' ) ) :
|
||||
*/
|
||||
public function save() {
|
||||
if ( isset( $_POST['sportspress_text'] ) ) {
|
||||
update_option( 'sportspress_text', array_map( 'sanitize_text_field', $_POST['sportspress_text'] ) );
|
||||
update_option( 'sportspress_text', array_map( 'sanitize_text_field', array_map( 'wp_unslash', $_POST['sportspress_text'] ) ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
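Review bot: `array_map( 'wp_unslash', $_POST['sportspress_text'] )` throws a `TypeError` on PHP 8 if the posted value is not an array, and `wp_unslash` already recurses into arrays, so the inner `array_map` is unnecessary. `update_option( 'sportspress_text', array_map( 'sanitize_text_field', (array) wp_unslash( $_POST['sportspress_text'] ) ) );` handles both and no longer needs the `phpcs:ignore`. Note that the array keys are stored as-is inside the option value; that is fine for a value array, but if they are later used to look up labels a `sanitize_key` on the keys would tighten it.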
@@ -46,7 +46,7 @@
|
||||
</tr>
|
||||
<tr>
|
||||
<td><?php esc_attr_e( 'Web Server Info', 'sportspress' ); ?>:</td>
|
||||
<td><?php echo esc_html( $_SERVER['SERVER_SOFTWARE'] ); ?></td>
|
||||
<td><?php echo esc_html( $_SERVER['SERVER_SOFTWARE'] ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput ?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><?php esc_attr_e( 'PHP Version', 'sportspress' ); ?>:</td>
|
||||
|
||||
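Review bot: This status template only gains a `phpcs:ignore`, while the otherwise identical line in the `SP_Settings_Status` hunk of this commit was changed to `esc_html( wp_unslash( $_SERVER['SERVER_SOFTWARE'] ) )`; the two should match. `<td><?php echo isset( $_SERVER['SERVER_SOFTWARE'] ) ? esc_html( wp_unslash( $_SERVER['SERVER_SOFTWARE'] ) ) : ''; ?></td>` also covers CLI and unusual SAPIs where the key is absent.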
@@ -309,7 +309,7 @@ if ( ! function_exists( 'sp_nonce' ) ) {
|
||||
if ( ! function_exists( 'sp_get_option' ) ) {
|
||||
function sp_get_option( $option, $default = null ) {
|
||||
if ( isset( $_POST[ $option ] ) ) {
|
||||
return $_POST[ $option ];
|
||||
sanitize_text_field( wp_unslash( $_POST[ $option ] ) );
|
||||
} else {
|
||||
return get_option( $option, $default );
|
||||
}
|
||||
|
||||
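Review bot: The new line in `sp_get_option` drops the `return`: `sanitize_text_field( wp_unslash( $_POST[ $option ] ) );` computes the sanitized value and discards it, so for a posted option the function now falls out of the `if` without returning anything (or, if the old line survived, still returns the raw value). It should read `return sanitize_text_field( wp_unslash( $_POST[ $option ] ) );`. The function's closing brace is outside the hunk.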
@@ -235,16 +235,16 @@ function sportspress_sanitize_title( $title ) {
|
||||
|
||||
return $title;
|
||||
|
||||
elseif ( isset( $_POST ) && array_key_exists( 'post_type', $_POST ) && is_sp_config_type( $_POST['post_type'] ) ) :
|
||||
elseif ( isset( $_POST ) && array_key_exists( 'post_type', $_POST ) && is_sp_config_type( sanitize_key( $_POST['post_type'] ) ) ) :
|
||||
|
||||
$key = isset( $_POST['sp_key'] ) ? sanitize_text_field( $_POST['sp_key'] ) : null;
|
||||
$key = isset( $_POST['sp_key'] ) ? sanitize_text_field( wp_unslash( $_POST['sp_key'] ) ) : null;
|
||||
|
||||
if ( ! $key ) {
|
||||
$key = isset( $_POST['sp_default_key'] ) ? sanitize_text_field( $_POST['sp_default_key'] ) : null;
|
||||
$key = isset( $_POST['sp_default_key'] ) ? sanitize_text_field( wp_unslash( $_POST['sp_default_key'] ) ) : null;
|
||||
}
|
||||
|
||||
if ( ! $key ) {
|
||||
$key = sanitize_text_field( $_POST['post_title'] );
|
||||
$key = sanitize_text_field( wp_unslash( $_POST['post_title'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
|
||||
}
|
||||
|
||||
$id = sp_array_value( $_POST, 'post_ID', 'var', 'text' );
|
||||
|
||||
@@ -54,10 +54,10 @@ if ( ! class_exists( 'SportsPress_Comments_Scheduled_Events' ) ) :
|
||||
|
||||
do_action( 'pre_comment_on_post', $comment_post_ID );
|
||||
|
||||
$comment_author = ( isset( $_POST['author'] ) ) ? trim( strip_tags( $_POST['author'] ) ) : null;
|
||||
$comment_author_email = ( isset( $_POST['email'] ) ) ? sanitize_email( trim( $_POST['email'] ) ) : null;
|
||||
$comment_author_url = ( isset( $_POST['url'] ) ) ? esc_url( trim( $_POST['url'] ) ) : null;
|
||||
$comment_content = ( isset( $_POST['comment'] ) ) ? esc_textarea( trim( $_POST['comment'] ) ) : null;
|
||||
$comment_author = ( isset( $_POST['author'] ) ) ? trim( strip_tags( sanitize_text_field( wp_unslash( $_POST['author'] ) ) ) ) : null;
|
||||
$comment_author_email = ( isset( $_POST['email'] ) ) ? trim( sanitize_email( wp_unslash( $_POST['email'] ) ) ) : null;
|
||||
$comment_author_url = ( isset( $_POST['url'] ) ) ? trim( sanitize_url( wp_unslash( $_POST['url'] ) ) ) : null; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
||||
$comment_content = ( isset( $_POST['comment'] ) ) ? trim( sanitize_text_field( wp_unslash( $_POST['comment'] ) ) ) : null;
|
||||
|
||||
// If the user is logged in
|
||||
$user = wp_get_current_user();
|
||||
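Review bot: Replacing `esc_textarea` with `sanitize_text_field` on `$_POST['comment']` strips every line break from the comment body before it is stored, which is a content regression for a multi-line field; `sanitize_textarea_field` preserves newlines while still stripping tags and control characters: `$comment_content = ( isset( $_POST['comment'] ) ) ? trim( sanitize_textarea_field( wp_unslash( $_POST['comment'] ) ) ) : null;`. On the author line the outer `strip_tags` is redundant after `sanitize_text_field`, which already removes tags. The `phpcs:ignore` on the URL line is unnecessary once `sanitize_url` is applied.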
@@ -136,7 +136,7 @@ if ( ! class_exists( 'SportsPress_Comments_Scheduled_Events' ) ) :
|
||||
wp_set_comment_status( $comment_id, 'approve' );
|
||||
}
|
||||
|
||||
$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment_id ) : $_POST['redirect_to'] . '#comment-' . $comment_id;
|
||||
$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment_id ) : sanitize_url( wp_unslash( $_POST['redirect_to'] ) ) . '#comment-' . $comment_id; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
|
||||
|
||||
$location = apply_filters( 'comment_post_redirect', $location, $comment );
|
||||
|
||||
|
||||
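Review bot: `sanitize_url` only normalises the string; it does not restrict `redirect_to` to this site, so the computed `$location` can point anywhere the request chose. If the value reaches `wp_redirect` after the `comment_post_redirect` filter (outside the hunk), wrap it in core's allow-list check: `$location = empty( $_POST['redirect_to'] ) ? get_comment_link( $comment_id ) : wp_validate_redirect( sanitize_url( wp_unslash( $_POST['redirect_to'] ) ), get_comment_link( $comment_id ) ) . '#comment-' . $comment_id;`, or use `wp_safe_redirect` at the call site. The `phpcs:ignore` suffix is then not needed.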
@@ -262,7 +262,7 @@ endif;
<?php
if ( isset( $_GET['term'] ) ) :
$term = get_term( $_GET['term'], $taxonomy ); // Posts in term
$term = get_term( sanitize_key( $_GET['term'] ), $taxonomy ); // Posts in term
?>
<ul class="sp-utility">
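Review bot: `sanitize_key()` is a slug sanitiser applied to a value that `get_term()` consumes as an integer term ID (a non-object argument is cast to int inside `get_term()`), so the sanitizer does not match the type it feeds. `absint()` states that intent and yields an int directly: `$term = get_term( absint( $_GET['term'] ), $taxonomy ); // Posts in term`. Whether the result is checked for `null`/`WP_Error` before use is outside the hunk; if it is not, a guard there would be worth adding.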
@@ -910,7 +910,7 @@ endforeach;
<?php
$post_object = get_post_type_object( $post_type );
$taxonomy_object = get_taxonomy( $_GET['taxonomy'] );
$taxonomy_object = get_taxonomy( sanitize_key( $_GET['taxonomy'] ) );
?>
<?php
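Review bot: `$_GET['taxonomy']` is read on the new `$taxonomy_object` line without an `isset()` guard, so a request lacking the parameter raises an undefined-index warning before `sanitize_key()` runs; the old line had the same gap and the commit did not close it. Guard it and fall back to the empty string, which `get_taxonomy()` answers with `false`: `$taxonomy_object = get_taxonomy( isset( $_GET['taxonomy'] ) ? sanitize_key( $_GET['taxonomy'] ) : '' );`. Whether `$taxonomy_object` is tested for `false` before its properties are read is outside the hunk.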
@@ -194,7 +194,7 @@ if ( ! class_exists( 'SportsPress_Tutorials' ) ) :
'advanced' => esc_attr__( 'Advanced', 'sportspress' ),
)
);
if ( isset( $_GET['tab'] ) && array_key_exists( $_GET['tab'], $tabs ) ) {
if ( isset( $_GET['tab'] ) && array_key_exists( wp_unslash( $_GET['tab'] ), $tabs ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
$current_tab = sanitize_key( $_GET['tab'] );
} else {
$current_tab = key( $tabs );
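Review bot: The new `if` line checks the raw unslashed `$_GET['tab']` against `$tabs` while the next line assigns `sanitize_key()` of the still-slashed value, so the value that is validated and the value that is used are computed differently, and the `phpcs:ignore` only papers over that. Sanitise once and validate the sanitised value, which also removes the `phpcs:ignore`: `$tab = isset( $_GET['tab'] ) ? sanitize_key( $_GET['tab'] ) : '';`, `if ( array_key_exists( $tab, $tabs ) ) {`, `$current_tab = $tab;`. This ordering also avoids the PHP 8 `TypeError` that `array_key_exists()` throws when `tab` arrives as an array (`?tab[]=x`), since `sanitize_key()` returns `''` for non-scalar input.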
@@ -105,8 +105,8 @@ if ( ! class_exists( 'SportsPress_User_Registration' ) ) :
*/
public static function register_form() {
if ( 'yes' === get_option( 'sportspress_registration_name_inputs', 'no' ) ) {
$first_name = ( ! empty( $_POST['first_name'] ) ) ? trim( sanitize_text_field( $_POST['first_name'] ) ) : '';
$last_name = ( ! empty( $_POST['last_name'] ) ) ? trim( sanitize_text_field( $_POST['last_name'] ) ) : '';
$first_name = ( ! empty( $_POST['first_name'] ) ) ? trim( sanitize_text_field( wp_unslash( $_POST['first_name'] ) ) ) : '';
$last_name = ( ! empty( $_POST['last_name'] ) ) ? trim( sanitize_text_field( wp_unslash( $_POST['last_name'] ) ) ) : '';
?>
<p>
<label for="first_name"><?php esc_attr_e( 'First Name', 'sportspress' ); ?><br />
@@ -149,22 +149,22 @@ if ( ! class_exists( 'SportsPress_User_Registration' ) ) :
// Save first and last name
if ( 'yes' === get_option( 'sportspress_registration_name_inputs', 'no' ) ) {
if ( ! empty( $_POST['first_name'] ) ) {
$meta = trim( sanitize_text_field( $_POST['first_name'] ) );
$meta = trim( sanitize_text_field( wp_unslash( $_POST['first_name'] ) ) );
$parts[] = $meta;
update_user_meta( $user_id, 'first_name', $meta );
}
if ( ! empty( $_POST['last_name'] ) ) {
$meta = trim( sanitize_text_field( $_POST['last_name'] ) );
$meta = trim( sanitize_text_field( wp_unslash( $_POST['last_name'] ) ) );
$parts[] = $meta;
update_user_meta( $user_id, 'last_name', $meta );
}
}
// Add team from team name
if ( isset( $_POST['sp_register_form_team'] ) && wp_verify_nonce( $_POST['sp_register_form_team'], 'submit_team_name' ) ) {
if ( isset( $_POST['sp_register_form_team'] ) && wp_verify_nonce( sanitize_key( $_POST['sp_register_form_team'] ), 'submit_team_name' ) ) {
if ( ! empty( $_POST['team_name'] ) ) {
$team_name = trim( sanitize_text_field( $_POST['team_name'] ) );
$team_name = trim( sanitize_text_field( wp_unslash( $_POST['team_name'] ) ) );
$post['post_type'] = 'sp_team';
$post['post_title'] = $team_name;
$post['post_author'] = $user_id;
@@ -174,9 +174,9 @@ if ( ! class_exists( 'SportsPress_User_Registration' ) ) :
}
// Save team
if ( isset( $_POST['sp_register_form_player'] ) && wp_verify_nonce( $_POST['sp_register_form_player'], 'submit_team' ) ) {
if ( isset( $_POST['sp_register_form_player'] ) && wp_verify_nonce( sanitize_key( $_POST['sp_register_form_player'] ), 'submit_team' ) ) {
if ( ! empty( $_POST['sp_team'] ) ) {
$team = trim( sanitize_text_field( $_POST['sp_team'] ) );
$team = trim( sanitize_text_field( wp_unslash( $_POST['sp_team'] ) ) );
if ( $team <= 0 ) {
$team = 0;
}
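Review bot: The new `$team` line keeps the value as a text string, and the `if ( $team <= 0 )` guard beneath it does not reject non-numeric input: on PHP 8 a non-numeric string compared with an int is compared as strings, so a value such as `abc` is not `<= 0`, survives the guard and flows on as if it were a team ID (the use is outside the hunk). Since `sp_team` is consumed as an ID, `absint()` is the right sanitizer and makes the guard unnecessary: `$team = absint( $_POST['sp_team'] );`. The enclosing method starts and ends outside the hunk.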
@@ -187,7 +187,7 @@ if ( ! class_exists( 'SportsPress_User_Registration' ) ) :
// Add player
if ( 'yes' === get_option( 'sportspress_registration_add_player', 'no' ) ) {
if ( ! sizeof( $parts ) && ! empty( $_POST['user_login'] ) ) {
$parts[] = trim( sanitize_text_field( $_POST['user_login'] ) );
$parts[] = trim( sanitize_text_field( wp_unslash( $_POST['user_login'] ) ) );
}
if ( sizeof( $parts ) ) {
@@ -97,8 +97,8 @@ if ( empty( $events ) ) {
$week_begins = intval( get_option( 'start_of_week' ) );
// Get year and month from query vars
$year = isset( $_GET['sp_year'] ) ? $_GET['sp_year'] : $year;
$monthnum = isset( $_GET['sp_month'] ) ? $_GET['sp_month'] : $monthnum;
$year = isset( $_GET['sp_year'] ) ? sanitize_text_field( wp_unslash( $_GET['sp_year'] ) ) : $year;
$monthnum = isset( $_GET['sp_month'] ) ? sanitize_text_field( wp_unslash( $_GET['sp_month'] ) ) : $monthnum;
// Let's figure out when we are
if ( ! empty( $monthnum ) && ! empty( $year ) ) {
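Review bot: `sanitize_text_field()` on `sp_year` and `sp_month` in the two new lines still lets any text through for values that the calendar code below uses as a year and month number, so the sanitizer does not match the type and the date arithmetic that follows (outside the hunk) receives arbitrary strings. `absint()` fits both and turns non-numeric input into `0`, which the `! empty()` check on the last line already treats as "not supplied": `$year = isset( $_GET['sp_year'] ) ? absint( $_GET['sp_year'] ) : $year;` and `$monthnum = isset( $_GET['sp_month'] ) ? absint( $_GET['sp_month'] ) : $monthnum;`. The fallback `$year`/`$monthnum` values come from before the hunk.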
@@ -220,7 +220,7 @@ if ( $dayswithposts ) {
$daywithpost = array();
}
if ( array_key_exists( 'HTTP_USER_AGENT', $_SERVER ) && preg_match( '/(MSIE|camino|safari)/', $_SERVER['HTTP_USER_AGENT'] ) ) {
if ( array_key_exists( 'HTTP_USER_AGENT', $_SERVER ) && preg_match( '/(MSIE|camino|safari)/', wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) ) ) { // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
$ak_title_separator = "\n";
} else {
$ak_title_separator = ', ';
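Review bot: The user-agent pattern on the new line is case-sensitive, and real Safari and Camino user-agent strings spell the product name capitalised (`Safari/…`, `Camino/…`), so the lowercase `safari` and `camino` alternatives never match and those browsers always fall into the `', '` branch; this predates the commit but the line was rewritten without fixing it. Either lowercase the subject or add the flag: `preg_match( '/(MSIE|camino|safari)/i', wp_unslash( $_SERVER['HTTP_USER_AGENT'] ) )`. The value is only used for a regex test that picks a title separator, so wrapping it in `sanitize_text_field()` would also remove the need for the `phpcs:ignore`.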