asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add sanitization to setup, welcome, importer, settings, and admin cpt

Browse Source
This commit is contained in:
Brian Miyaji
2021-11-09 03:37:04 +09:00
parent e23e1c2eed
commit c7302dfc80
12 changed files with 38 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
includes/admin/importers/class-sp-event-importer.php
View File

@@ -55,10 +55,10 @@ if ( class_exists( 'WP_Importer' ) ) {
$rows = array_chunk( $array, sizeof( $columns ) );
// Get event format, league, and season from post vars
$event_format = ( empty( $_POST['sp_format'] ) ? false : $_POST['sp_format'] );
$league = ( sp_array_value( $_POST, 'sp_league', '-1' ) == '-1' ? false : $_POST['sp_league'] );
$season = ( sp_array_value( $_POST, 'sp_season', '-1' ) == '-1' ? false : $_POST['sp_season'] );
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : $_POST['sp_date_format'] );
$event_format = ( empty( $_POST['sp_format'] ) ? false : sanitize_text_field( $_POST['sp_format'] ) );
$league = ( sp_array_value( $_POST, 'sp_league', '-1' ) == '-1' ? false : sanitize_text_field( $_POST['sp_league'] ) );
$season = ( sp_array_value( $_POST, 'sp_season', '-1' ) == '-1' ? false : sanitize_text_field( $_POST['sp_season'] ) );
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : sanitize_text_field( $_POST['sp_date_format'] ) );
// Get labels from result and performance post types
$result_labels = sp_get_var_labels( 'sp_result' );

8
includes/admin/importers/class-sp-event-performance-importer.php
View File

@@ -49,10 +49,10 @@ if ( class_exists( 'WP_Importer' ) ) {
$rows = array_chunk( $array, sizeof( $columns ) );
// Get event ID and team ID from post vars
$event = ( empty( $_POST['sp_event'] ) ? false : $_POST['sp_event'] );
$teams = ( empty( $_POST['sp_teams'] ) ? false : $_POST['sp_teams'] );
$index = ( empty( $_POST['sp_index'] ) ? false : $_POST['sp_index'] );
$team = ( empty( $_POST['sp_team'] ) ? false : $_POST['sp_team'] );
$event = ( empty( $_POST['sp_event'] ) ? false : sanitize_text_field( $_POST['sp_event'] ) );
$teams = ( empty( $_POST['sp_teams'] ) ? false : sanitize_text_field( $_POST['sp_teams'] ) );
$index = ( empty( $_POST['sp_index'] ) ? false : sanitize_text_field( $_POST['sp_index'] ) );
$team = ( empty( $_POST['sp_team'] ) ? false : sanitize_text_field( $_POST['sp_team'] ) );
$team_players = array( 0 );
$team_performance = array();

2
includes/admin/importers/class-sp-player-importer.php
View File

@@ -54,7 +54,7 @@ if ( class_exists( 'WP_Importer' ) ) {
$rows = array_chunk( $array, sizeof( $columns ) );
// Get Date of Birth format from post vars
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : $_POST['sp_date_format'] );
$date_format = ( empty( $_POST['sp_date_format'] ) ? 'yyyy/mm/dd' : sanitize_text_field( $_POST['sp_date_format'] ) );
foreach ( $rows as $row ):