Skip to content

Sanitize database updates/inputs #60

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
AaronHolbrook wants to merge 3 commits into
base: develop
Choose a base branch
from
Open

Sanitize database updates/inputs #60

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c94a464
Sanitize database updates/inputs
Dec 1, 2014
337ea74
Fix minor bug with quote being run through esc_url instead of sanitiz…
Dec 5, 2014
47e4195
Add check
Dec 5, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 13 additions & 9 deletions cf-post-formats.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ function cfpf_post_admin_setup() {

function cfpf_format_link_save_post($post_id) {
if (!defined('XMLRPC_REQUEST') && isset($_POST['_format_link_url'])) {
update_post_meta($post_id, '_format_link_url', $_POST['_format_link_url']);
update_post_meta($post_id, '_format_link_url', esc_url_raw( $_POST['_format_link_url'] ) );
}
}
// action added in cfpf_admin_init()
Expand All @@ -152,8 +152,8 @@ function cfpf_format_auto_title_post($post_id, $post) {
}
$title = apply_filters('cfpf_format_auto_title', $title, $post);
wp_update_post(array(
'ID' => $post_id,
'post_title' => $title
'ID' => intval( $post_id ),
'post_title' => sanitize_title( $title ),
));

add_action('save_post', 'cfpf_format_status_save_post', 10, 2);
Expand All @@ -175,7 +175,11 @@ function cfpf_format_quote_save_post($post_id, $post) {
);
foreach ($keys as $key) {
if (isset($_POST[$key])) {
update_post_meta($post_id, $key, $_POST[$key]);
if ( '_format_quote_source_name' === $key ) {
update_post_meta($post_id, $key, sanitize_text_field( $_POST[$key] ));
} else if ( '_format_quote_source_url' === $key ) {
update_post_meta($post_id, $key, esc_url_raw( $_POST[$key] ) );
}
}
}
}
Expand All @@ -187,14 +191,14 @@ function cfpf_format_quote_save_post($post_id, $post) {

function cfpf_format_video_save_post($post_id) {
if (!defined('XMLRPC_REQUEST') && isset($_POST['_format_video_embed'])) {
update_post_meta($post_id, '_format_video_embed', $_POST['_format_video_embed']);
update_post_meta($post_id, '_format_video_embed', wp_kses_post( $_POST['_format_video_embed'] ) );
}
}
// action added in cfpf_admin_init()

function cfpf_format_audio_save_post($post_id) {
if (!defined('XMLRPC_REQUEST') && isset($_POST['_format_audio_embed'])) {
update_post_meta($post_id, '_format_audio_embed', $_POST['_format_audio_embed']);
update_post_meta($post_id, '_format_audio_embed', wp_kses_post( $_POST['_format_audio_embed'] ) );
}
}
// action added in cfpf_admin_init()
Expand All @@ -215,7 +219,7 @@ function cfpf_format_gallery_save_post( $post_id ) {
);
foreach ($keys as $key) {
if (isset($_POST[$key])) {
update_post_meta($post_id, $key, $_POST[$key]);
update_post_meta($post_id, $key, sanitize_text_field( $_POST[$key] ) );
}
}
}
Expand Down Expand Up @@ -245,8 +249,8 @@ function cfpf_gallery_menu_order() {
$post_id = intval($post_id);
if ($post_id) {
wp_update_post(array(
'ID' => $post_id,
'menu_order' => $i
'ID' => intval( $post_id ),
'menu_order' => intval( $i ),
));
++$i;
}
Expand Down