Sanitize args

Author: ajaydsouza

includes/frontend/class-breadcrumbs.php

@@ -7,6 +7,8 @@
 
 namespace WebberZone\Knowledge_Base\Frontend;
 
+use WebberZone\Knowledge_Base\Util\Helpers;
+
 if ( ! defined( 'WPINC' ) ) {
 	die;
 }
@@ -88,6 +90,7 @@ public static function get_breadcrumb( $args = array() ) {
 		);
 
 		$args = wp_parse_args( $args, $defaults );
+		$args = Helpers::sanitize_args( $args );
 
 		if ( strpos( $args['separator'], '\\' ) === 0 ) {
 			$args['separator'] = self::unicode_to_char( $args['separator'] );

includes/frontend/class-display.php

@@ -8,6 +8,7 @@
 namespace WebberZone\Knowledge_Base\Frontend;
 
 use WebberZone\Knowledge_Base\Util\Cache;
+use WebberZone\Knowledge_Base\Util\Helpers;
 
 if ( ! defined( 'WPINC' ) ) {
 	die;
@@ -66,6 +67,7 @@ public static function get_knowledge_base( $args = array() ) {
 		);
 
 		$args = wp_parse_args( $args, $defaults );
+		$args = Helpers::sanitize_args( $args );
 
 		// Set defaults if variables are empty.
 		$args['limit']   = ( ! empty( absint( $args['limit'] ) ) ) ? absint( $args['limit'] ) : \wzkb_get_option( 'limit' );

includes/frontend/class-related.php

@@ -7,6 +7,8 @@
 
 namespace WebberZone\Knowledge_Base\Frontend;
 
+use WebberZone\Knowledge_Base\Util\Helpers;
+
 // If this file is called directly, abort.
 if ( ! defined( 'WPINC' ) ) {
 	die;
@@ -59,6 +61,7 @@ public static function get_related_articles( $args = array() ) {
 
 		// Parse incomming $args into an array and merge it with $defaults.
 		$args = wp_parse_args( $args, $defaults );
+		$args = Helpers::sanitize_args( $args );
 
 		// Assign post to a separate variable for easy processing.
 		$post = $args['post'];

includes/functions.php

@@ -7,6 +7,7 @@
 
 use WebberZone\Knowledge_Base\Frontend\Media_Handler;
 use WebberZone\Knowledge_Base\Frontend\Related;
+use WebberZone\Knowledge_Base\Util\Helpers;
 
 // If this file is called directly, abort.
 if ( ! defined( 'WPINC' ) ) {
@@ -102,6 +103,7 @@ function wzkb_get_alert( $args = array(), $content = '' ) {
 
 	// Parse incomming $args into an array and merge it with $defaults.
 	$args = wp_parse_args( $args, $defaults );
+	$args = Helpers::sanitize_args( $args );
 
 	$type = 'wzkb-alert-' . $args['type'];
 

includes/util/class-helpers.php

@@ -44,4 +44,21 @@ public static function get_credit_link() {
 
 		return $output;
 	}
+
+	/**
+	 * Sanitize args.
+	 *
+	 * @since 3.0.0
+	 *
+	 * @param array $args Array of arguments.
+	 * @return array Sanitized array of arguments.
+	 */
+	public static function sanitize_args( $args ): array {
+		foreach ( $args as $key => $value ) {
+			if ( is_string( $value ) ) {
+				$args[ $key ] = wp_kses_post( $value );
+			}
+		}
+		return $args;
+	}
 }