From b5427bd30221f0f667f0272bb5717e51712b86ee Mon Sep 17 00:00:00 2001
From: Brian Miyaji
Date: Sat, 6 Nov 2021 11:34:57 +0900
Subject: [PATCH] Add sanitization to config variable meta boxes
---
 .../class-sp-meta-box-column-details.php | 6 +++---
 .../class-sp-meta-box-metric-details.php | 2 +-
 .../class-sp-meta-box-outcome-details.php | 6 +++---
 .../class-sp-meta-box-performance-details.php | 14 +++++++-------
 .../class-sp-meta-box-result-details.php | 2 +-
 .../meta-boxes/class-sp-meta-box-spec-details.php | 2 +-
 .../class-sp-meta-box-statistic-details.php | 10 +++++-----
 7 files changed, 21 insertions(+), 21 deletions(-)
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-column-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-column-details.php
index 6e5e7c15..5bf43edb 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-column-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-column-details.php
@@ -71,8 +71,8 @@ class SP_Meta_Box_Column_Details extends SP_Meta_Box_Config {
 */
 public static function save( $post_id, $post ) {
 self::delete_duplicate( $_POST );
- update_post_meta( $post_id, 'sp_precision', (int) sp_array_value( $_POST, 'sp_precision', 1 ) );
- update_post_meta( $post_id, 'sp_priority', sp_array_value( $_POST, 'sp_priority', '0' ) );
- update_post_meta( $post_id, 'sp_order', sp_array_value( $_POST, 'sp_order', 'DESC' ) );
+ update_post_meta( $post_id, 'sp_precision', (int) sp_array_value( $_POST, 'sp_precision', 1, 'int' ) );
+ update_post_meta( $post_id, 'sp_priority', sp_array_value( $_POST, 'sp_priority', '0', 'int' ) );
+ update_post_meta( $post_id, 'sp_order', sp_array_value( $_POST, 'sp_order', 'DESC', 'text' ) );
 }
 }
\ No newline at end of file
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-metric-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-metric-details.php
index f3cd4a4c..13e82214 100644
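Review bot: In SP_Meta_Box_Column_Details::save, `sp_order` is now filtered as `'text'`, but its default `'DESC'` suggests a sort direction with only two valid values, and free-text sanitization still lets any other string be stored. An allow-list is tighter: read the value with `$order = sp_array_value( $_POST, 'sp_order', 'DESC', 'text' );` and store `in_array( $order, array( 'ASC', 'DESC' ), true ) ? $order : 'DESC'`. The set of valid values is inferred from the default and should be checked against the form. The unchanged `self::delete_duplicate( $_POST )` call above still receives the raw request array, here and in the other save() methods of this patch that call it; that helper is not visible, so confirm it sanitizes what it reads.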
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-metric-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-metric-details.php
@@ -57,6 +57,6 @@ class SP_Meta_Box_Metric_Details extends SP_Meta_Box_Config {
 */
 public static function save( $post_id, $post ) {
 self::delete_duplicate( $_POST );
- update_post_meta( $post_id, 'sp_visible', sp_array_value( $_POST, 'sp_visible', 1 ) );
+ update_post_meta( $post_id, 'sp_visible', sp_array_value( $_POST, 'sp_visible', 1, 'int' ) );
 }
 }
\ No newline at end of file
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-outcome-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-outcome-details.php
index 4f63a9f9..b30e05fd 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-outcome-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-outcome-details.php
@@ -79,8 +79,8 @@ class SP_Meta_Box_Outcome_Details extends SP_Meta_Box_Config {
 * Save meta box data
 */
 public static function save( $post_id, $post ) {
- update_post_meta( $post_id, 'sp_abbreviation', sp_array_value( $_POST, 'sp_abbreviation', array() ) );
- update_post_meta( $post_id, 'sp_color', sp_array_value( $_POST, 'sp_color', array() ) );
- update_post_meta( $post_id, 'sp_condition', sp_array_value( $_POST, 'sp_condition', array() ) );
+ update_post_meta( $post_id, 'sp_abbreviation', sp_array_value( $_POST, 'sp_abbreviation', array(), 'text' ) );
+ update_post_meta( $post_id, 'sp_color', sp_array_value( $_POST, 'sp_color', array(), 'text' ) );
+ update_post_meta( $post_id, 'sp_condition', sp_array_value( $_POST, 'sp_condition', array(), 'text' ) );
 }
 }
\ No newline at end of file
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-performance-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-performance-details.php
index 3cddc2f4..f6a4383d 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-performance-details.php
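Review bot: In SP_Meta_Box_Outcome_Details::save all three fields keep `array()` as their default but are now passed through the `'text'` filter, so it is unclear whether array input is handled. sp_array_value() is not shown in this patch; if `'text'` maps to WordPress's sanitize_text_field(), an array value comes back as an empty string rather than being sanitized element by element, which is worth confirming with a test that posts an array. `sp_color` would also be better validated as a colour than as free text, for example with `sanitize_hex_color()`, assuming the field stores a hex value that is later written into markup or CSS.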
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-performance-details.php
@@ -166,14 +166,14 @@ class SP_Meta_Box_Performance_Details extends SP_Meta_Box_Config {
 */
 public static function save( $post_id, $post ) {
 self::delete_duplicate( $_POST );
- update_post_meta( $post_id, 'sp_singular', sp_array_value( $_POST, 'sp_singular', '' ) );
- update_post_meta( $post_id, 'sp_section', (int) sp_array_value( $_POST, 'sp_section', -1 ) );
- update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'number' ) );
- update_post_meta( $post_id, 'sp_precision', sp_array_value( $_POST, 'sp_precision', 0 ) );
- update_post_meta( $post_id, 'sp_timed', sp_array_value( $_POST, 'sp_timed', 0 ) );
- update_post_meta( $post_id, 'sp_sendoff', sp_array_value( $_POST, 'sp_sendoff', 0 ) );
+ update_post_meta( $post_id, 'sp_singular', sp_array_value( $_POST, 'sp_singular', '', 'text' ) );
+ update_post_meta( $post_id, 'sp_section', (int) sp_array_value( $_POST, 'sp_section', -1, 'int' ) );
+ update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'number', 'int' ) );
+ update_post_meta( $post_id, 'sp_precision', sp_array_value( $_POST, 'sp_precision', 0, 'int' ) );
+ update_post_meta( $post_id, 'sp_timed', sp_array_value( $_POST, 'sp_timed', 0, 'int' ) );
+ update_post_meta( $post_id, 'sp_sendoff', sp_array_value( $_POST, 'sp_sendoff', 0, 'int' ) );
 if ( 'auto' === get_option( 'sportspress_player_columns', 'auto' ) ) {
- update_post_meta( $post_id, 'sp_visible', sp_array_value( $_POST, 'sp_visible', 1 ) );
+ update_post_meta( $post_id, 'sp_visible', sp_array_value( $_POST, 'sp_visible', 1, 'int' ) );
 }
 }
 }
\ No newline at end of file
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-result-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-result-details.php
index 7357bc03..64088d88 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-result-details.php
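Review bot: In SP_Meta_Box_Performance_Details::save the `sp_format` line passes the `'int'` filter while its default is the string `'number'`, so the filter and the expected value type disagree. sp_array_value() is not part of this patch, but if `'int'` casts to an integer, any non-numeric format name submitted by the form would be stored as 0 and the saved setting silently lost. The statistic-details hunk has the same line, and that hunk uses `'key'` for the string-valued `sp_type`; the matching call here would be `sp_array_value( $_POST, 'sp_format', 'number', 'key' )`. An allow-list of the supported format names would be stricter still.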
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-result-details.php
@@ -48,6 +48,6 @@ class SP_Meta_Box_Result_Details extends SP_Meta_Box_Config {
 */
 public static function save( $post_id, $post ) {
 self::delete_duplicate( $_POST );
- update_post_meta( $post_id, 'sp_precision', (int) sp_array_value( $_POST, 'sp_precision', 1 ) );
+ update_post_meta( $post_id, 'sp_precision', (int) sp_array_value( $_POST, 'sp_precision', 1, 'int' ) );
 }
 }
\ No newline at end of file
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-spec-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-spec-details.php
index 9ba10dab..6940b6fe 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-spec-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-spec-details.php
@@ -57,6 +57,6 @@ class SP_Meta_Box_Spec_Details extends SP_Meta_Box_Config {
 */
 public static function save( $post_id, $post ) {
 self::delete_duplicate( $_POST );
- update_post_meta( $post_id, 'sp_visible', sp_array_value( $_POST, 'sp_visible', 1 ) );
+ update_post_meta( $post_id, 'sp_visible', sp_array_value( $_POST, 'sp_visible', 1, 'int' ) );
 }
 }
\ No newline at end of file
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-statistic-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-statistic-details.php
index c211378e..890fd7ea 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-statistic-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-statistic-details.php
@@ -103,11 +103,11 @@ class SP_Meta_Box_Statistic_Details extends SP_Meta_Box_Config { */ public static function save( $post_id, $post ) { self::delete_duplicate( $_POST ); - update_post_meta( $post_id, 'sp_section', (int) sp_array_value( $_POST, 'sp_section', -1 ) ); - update_post_meta( $post_id, 'sp_type', sp_array_value( $_POST, 'sp_type', 'total' ) ); - update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'number' ) ); - update_post_meta( $post_id, 'sp_precision', (int) sp_array_value( $_POST, 'sp_precision', 1 ) ); - update_post_meta( $post_id, 'sp_visible', sp_array_value( $_POST, 'sp_visible', 1 ) ); + update_post_meta( $post_id, 'sp_section', (int) sp_array_value( $_POST, 'sp_section', -1, 'int' ) ); + update_post_meta( $post_id, 'sp_type', sp_array_value( $_POST, 'sp_type', 'total', 'key' ) ); + update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'number', 'int' ) ); + update_post_meta( $post_id, 'sp_precision', (int) sp_array_value( $_POST, 'sp_precision', 1, 'int' ) ); + update_post_meta( $post_id, 'sp_visible', sp_array_value( $_POST, 'sp_visible', 1, 'int' ) ); } } \ No newline at end of file