Commit dc98545

Tables: Combine actor search term sanitization (#1939)
1 parent fd14861 commit dc98545

3 files changed

+34
-18
lines changed


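--- a/includes/table/class-followers.php
+++ b/includes/table/class-followers.php
@@ -23,6 +23,8 @@
 * Followers Table-Class.
 */
 class Followers extends \WP_List_Table {
+use Actor_List_Table;
+
 /**
 * User ID.
 *
@@ -180,15 +182,7 @@ public function prepare_items() {
 }
 
 if ( ! empty( $_GET['s'] ) ) {
-$search = \sanitize_text_field( \wp_unslash( $_GET['s'] ) );
-$search = \str_replace( 'acct:', '', $search );
-$search = \str_replace( '@', ' ', $search );
-$search = \str_replace( 'http://', '', $search );
-$search = \str_replace( 'https://', '', $search );
-$search = \str_replace( 'www.', '', $search );
-$search = \trim( $search );
-
-$args['s'] = $search;
+$args['s'] = self::normalize_search_term( \wp_unslash( $_GET['s'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 }
 
 $followers_with_count = Follower_Collection::get_followers_with_count( $this->user_id, $per_page, $page_num, $args );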
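Review bot: The `phpcs:ignore` on the new `$args['s']` line carries no reason, so a later reader has to open the trait to confirm the raw `$_GET['s']` really is sanitized; WPCS accepts a reason suffix, e.g. `// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sanitized by Actor_List_Table::normalize_search_term().` That also records that the unslashed value is handed over untouched and `sanitize_text_field()` inside the trait is now the only sanitizer for both tables, so a change there regresses both at once. If `s` can arrive as an array (`?s[]=x`), `wp_unslash()` returns an array and the trait presumably relies on `sanitize_text_field()` to collapse it — an `is_string()` check in front of the call would make that explicit rather than implied. `prepare_items()` starts and ends outside the hunk.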

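--- a/includes/table/class-following.php
+++ b/includes/table/class-following.php
@@ -22,6 +22,8 @@
 * Following Table-Class.
 */
 class Following extends \WP_List_Table {
+use Actor_List_Table;
+
 /**
 * User ID.
 *
@@ -199,15 +201,7 @@ public function prepare_items() {
 }
 
 if ( isset( $_GET['s'] ) ) {
-$search = \sanitize_text_field( \wp_unslash( $_GET['s'] ) );
-$search = \str_replace( 'acct:', '', $search );
-$search = \str_replace( '@', ' ', $search );
-$search = \str_replace( 'http://', '', $search );
-$search = \str_replace( 'https://', '', $search );
-$search = \str_replace( 'www.', '', $search );
-$search = \trim( $search );
-
-$args['s'] = $search;
+$args['s'] = self::normalize_search_term( \wp_unslash( $_GET['s'] ) ); // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
 }
 
 if ( isset( $_GET['status'] ) ) {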
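Review bot: This hunk keeps `isset( $_GET['s'] )` as the guard while the parallel Followers table uses `! empty( $_GET['s'] )`, so here an empty `s=` parameter still goes through `normalize_search_term()` and sets `$args['s']` to `''`, leaving it to the collection to treat that as "no search"; now that both tables share the trait the guard should match as well, `if ( ! empty( $_GET['s'] ) ) {`. The `phpcs:ignore` would also benefit from a `-- Sanitized by Actor_List_Table::normalize_search_term().` suffix so the suppression documents its own justification instead of relying on the reader to find the trait. `prepare_items()` starts and ends outside the hunk.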
Lines changed: 28 additions & 0 deletions
@@ -0,0 +1,28 @@
1+
<?php
2+
/**
3+
* Actor Table Trait file.
4+
*
5+
* @package Activitypub
6+
*/
7+
8+
namespace Activitypub\Table;
9+
10+
/**
11+
* Actor Table Trait.
12+
*/
13+
trait Actor_List_Table {
14+
15+
/**
16+
* Sanitizes and normalizes an actor search term.
17+
*
18+
* @param string $search The search term.
19+
* @return string The normalized search term.
20+
*/
21+
public static function normalize_search_term( $search ) {
22+
$search = \sanitize_text_field( $search );
23+
$search = \str_replace( array( 'acct:', 'http://', 'https://', 'www.' ), '', $search );
24+
$search = \str_replace( '@', ' ', $search );
25+
26+
return \trim( $search );
27+
}
28+
}
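Review bot: `normalize_search_term()` strips the `acct:`, scheme and `www.` prefixes with case-sensitive `str_replace()`, so a pasted `HTTPS://Example.org/@alice` or `Acct:alice@example.org` keeps its prefix and is split differently from the lowercase form; URI schemes are case-insensitive, so `$search = \str_ireplace( array( 'acct:', 'http://', 'https://', 'www.' ), '', $search );` normalizes both the same way. The docblock promises a string but the parameter is untyped and both callers pass `wp_unslash()` output straight in; if the plugin's PHP floor allows it, `public static function normalize_search_term( $search ): string` with a `string` parameter type would enforce the contract, otherwise a docblock line such as `Non-string input is reduced by sanitize_text_field() — verify against WP core.` would at least state the assumption. Note too that the replacement is single-pass, so an input like `hthttp://tp://host` leaves a scheme behind — harmless for a search term but worth a comment if the value ever feeds a stricter matcher.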
