address some secure issue

dungps · dungps · commit 0bd9b20981d2 · 2016-03-25T10:50:10.000+07:00
diff --git a/inc/Ajax.php b/inc/Ajax.php
@@ -43,27 +43,27 @@ public function delete_comment() {
 	}
 
 	function delete_answer() {
-		if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], '_dwqa_action_remove_answer_nonce' ) || 'dwqa_delete_answer' !== $_GET['action'] ) {
+		if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], '_dwqa_action_remove_answer_nonce' ) || 'dwqa_delete_answer' !== sanitize_text_field( $_GET['action'] ) ) {
 			wp_die( __( 'Are you cheating huh?', 'dwqa' ) );
 		}
 
 		if ( ! isset( $_GET['answer_id'] ) ) {
 			wp_die( __( 'Answer is missing.', 'dwqa' ), 'error' );
 		}
 
-		if ( 'dwqa-answer' !== get_post_type( $_GET['answer_id'] ) ) {
+		if ( 'dwqa-answer' !== get_post_type( intval( $_GET['answer_id'] ) ) ) {
 			wp_die( __( 'This post is not answer.', 'dwqa' ) );
 		}
 
 		if ( !dwqa_current_user_can( 'delete_answer' ) ) {
 			wp_die( __( 'You do not have permission to delete this post.', 'dwqa' ) );
 		}
 
-		do_action( 'dwqa_prepare_delete_answer', $_GET['answer_id'] );
+		do_action( 'dwqa_prepare_delete_answer', intval( $_GET['answer_id'] ) );
 
-		$question_id = get_post_meta( $_GET['answer_id'], '_question', true );
+		$question_id = get_post_meta( intval( $_GET['answer_id'] ), '_question', true );
 		
-		$id = wp_delete_post( $_GET['answer_id'] );
+		$id = wp_delete_post( intval( $_GET['answer_id'] ) );
 
 		if ( is_wp_error( $id ) ) {
 			wp_die( $id->get_error_message() );
@@ -72,7 +72,7 @@ function delete_answer() {
 		$answer_count = get_post_meta( $question_id, '_dwqa_answers_count', true );
 		update_post_meta( $question_id, '_dwqa_answers_count', (int) $answer_count - 1 );
 
-		do_action( 'dwqa_delete_answer', $_GET['answer_id'], $question_id );
+		do_action( 'dwqa_delete_answer', intval( $_GET['answer_id'] ), $question_id );
 
 		wp_redirect( get_permalink( $question_id ) );
 		exit();
@@ -146,31 +146,31 @@ public function unvote_best_answer() {
 
 	public function delete_question() {
 		global $dwqa_general_settings;
-		if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( $_GET['_wpnonce'], '_dwqa_action_remove_question_nonce' ) || 'dwqa_delete_question' !== $_GET['action'] ) {
+		if ( ! isset( $_GET['_wpnonce'] ) || ! wp_verify_nonce( sanitize_text_field( $_GET['_wpnonce'] ), '_dwqa_action_remove_question_nonce' ) || 'dwqa_delete_question' !== $_GET['action'] ) {
 			wp_die( __( 'Are you cheating huh?', 'dwqa' ) );
 		}
 
 		if ( ! isset( $_GET['question_id'] ) ) {
 			wp_die( __( 'Question is missing.', 'dwqa' ), 'error' );
 		}
 
-		if ( 'dwqa-question' !== get_post_type( $_GET['question_id'] ) ) {
+		if ( 'dwqa-question' !== get_post_type( intval( $_GET['question_id'] ) ) ) {
 			wp_die( __( 'This post is not question.', 'dwqa' ) );
 		}
 
 		if ( !dwqa_current_user_can( 'delete_answer' ) ) {
 			wp_die( __( 'You do not have permission to delete this post.', 'dwqa' ) );
 		}
 
-		do_action( 'before_delete_post', $_GET['question_id'] );
+		do_action( 'before_delete_post', intval( $_GET['question_id'] ) );
 		
-		$id = wp_delete_post( $_GET['question_id'] );
+		$id = wp_delete_post( intval( $_GET['question_id'] ) );
 
 		if ( is_wp_error( $id ) ) {
 			wp_die( $id->get_error_message() );
 		}
 
-		do_action( 'dwqa_delete_question', $_GET['question_id'] );
+		do_action( 'dwqa_delete_question', intval( $_GET['question_id'] ) );
 
 		$url = home_url();
 		if ( isset( $dwqa_general_settings['pages']['archive-question'] ) ) {
diff --git a/inc/Filter.php b/inc/Filter.php
@@ -9,9 +9,9 @@ public function prepare_archive_posts() {
 
 		$posts_per_page = isset( $dwqa_general_settings['posts-per-page'] ) ?  $dwqa_general_settings['posts-per-page'] : 5;
 		$user = isset( $_GET['user'] ) && !empty( $_GET['user'] ) ? urldecode( $_GET['user'] ) : false;
-		$filter = isset( $_GET['filter'] ) && !empty( $_GET['filter'] ) ? $_GET['filter'] : 'all';
-		$search_text = isset( $_GET['qs'] ) ? $_GET['qs'] : false;
-		$sort = isset( $_GET['sort'] ) ? $_GET['sort'] : '';
+		$filter = isset( $_GET['filter'] ) && !empty( $_GET['filter'] ) ? sanitize_text_field( $_GET['filter'] ) : 'all';
+		$search_text = isset( $_GET['qs'] ) ? sanitize_text_field( $_GET['qs'] ) : false;
+		$sort = isset( $_GET['sort'] ) ? sanitize_text_field( $_GET['sort'] ) : '';
 		$query = array(
 			'post_type' => 'dwqa-question',
 			'posts_per_page' => $posts_per_page,
diff --git a/inc/Posts/Answer.php b/inc/Posts/Answer.php
@@ -264,7 +264,7 @@ public function set_has_archive() {
 	}
 
 	public function columns_head( $defaults ) {
-		if ( isset( $_GET['post_type'] ) && $_GET['post_type'] == $this->get_slug() ) {
+		if ( isset( $_GET['post_type'] ) && sanitize_text_field( $_GET['post_type'] ) == $this->get_slug() ) {
 			$defaults = array(
 				'cb'            => '<input type="checkbox">',
 				'info'          => __( 'Answer', 'dwqa' ),
diff --git a/inc/Settings.php b/inc/Settings.php
@@ -747,14 +747,14 @@ public function init_options(){
 	}
 
 	public function flush_rules() {
-		if ( isset( $_GET['page'] ) && 'dwqa-settings' == $_GET['page'] ) {
+		if ( isset( $_GET['page'] ) && 'dwqa-settings' == esc_html( $_GET['page'] ) ) {
 			flush_rewrite_rules();
 		}
 	}
 
 	public function current_email_tab() {
-		if ( isset( $_GET['tab'] ) && 'email' == $_GET['tab'] ) {
-			return isset( $_GET['section'] ) ? $_GET['section'] : 'general';
+		if ( isset( $_GET['tab'] ) && 'email' == esc_html( $_GET['tab'] ) ) {
+			return isset( $_GET['section'] ) ? esc_html( $_GET['section'] ) : 'general';
 		}
 
 		return false;
diff --git a/inc/Template.php b/inc/Template.php
@@ -6,8 +6,8 @@
 function dwqa_breadcrumb() {
 	global $dwqa_general_settings;
 	$title = get_the_title( $dwqa_general_settings['pages']['archive-question'] );
-	$search = isset( $_GET['qs'] ) ? $_GET['qs'] : false;
-	$author = isset( $_GET['user'] ) ? $_GET['user'] : false;
+	$search = isset( $_GET['qs'] ) ? esc_html( $_GET['qs'] ) : false;
+	$author = isset( $_GET['user'] ) ? esc_html( $_GET['user'] ) : false;
 	$output = '';
 	if ( !is_singular( 'dwqa-question' ) ) {
 		$term = get_query_var( 'dwqa-question_category' ) ? get_query_var( 'dwqa-question_category' ) : ( get_query_var( 'dwqa-question_tag' ) ? get_query_var( 'dwqa-question_tag' ) : false );
@@ -75,7 +75,7 @@ function dwqa_archive_question_filter_layout() {
 function dwqa_search_form() {
 	?>
 	<form id="dwqa-search" class="dwqa-search">
-		<input data-nonce="<?php echo wp_create_nonce( '_dwqa_filter_nonce' ) ?>" type="text" placeholder="<?php _e( 'What do you want to know?', 'dwqa' ); ?>" name="qs" value="<?php echo isset( $_GET['qs'] ) ? $_GET['qs'] : '' ?>">
+		<input data-nonce="<?php echo wp_create_nonce( '_dwqa_filter_nonce' ) ?>" type="text" placeholder="<?php _e( 'What do you want to know?', 'dwqa' ); ?>" name="qs" value="<?php echo isset( $_GET['qs'] ) ? esc_html( $_GET['qs'] ) : '' ?>">
 	</form>
 	<?php
 }
@@ -92,7 +92,7 @@ function dwqa_class_for_question_details_container(){
 function dwqa_answer_paginate_link() {
 	global $wp_query;
 	$question_url = get_permalink();
-	$page = isset( $_GET['ans-page'] ) ? $_GET['ans-page'] : 1;
+	$page = isset( $_GET['ans-page'] ) ? intval( $_GET['ans-page'] ) : 1;
 
 	$args = array(
 		'base' => add_query_arg( 'ans-page', '%#%', $question_url ),
diff --git a/inc/helper/functions.php b/inc/helper/functions.php
@@ -234,7 +234,7 @@ function dwqa_question_status( $question = false ) {
 }
 
 function dwqa_current_filter() {
-	return isset( $_GET['filter'] ) && !empty( $_GET['filter'] ) ? $_GET['filter'] : 'all';
+	return isset( $_GET['filter'] ) && !empty( $_GET['filter'] ) ? sanitize_text_field( $_GET['filter'] ) : 'all';
 }
 
 function dwqa_get_ask_link() {
diff --git a/templates/archive-question-filter.php b/templates/archive-question-filter.php
@@ -7,8 +7,8 @@
  */
 
 global $dwqa_general_settings;
-$sort = isset( $_GET['sort'] ) ? $_GET['sort'] : '';
-$filter = isset( $_GET['filter'] ) ? $_GET['filter'] : 'all';
+$sort = isset( $_GET['sort'] ) ? esc_html( $_GET['sort'] ) : '';
+$filter = isset( $_GET['filter'] ) ? esc_html( $_GET['filter'] ) : 'all';
 ?>
 <div class="dwqa-question-filter">
 	<span><?php _e( 'Filter:', 'dwqa' ); ?></span>
diff --git a/templates/content-edit.php b/templates/content-edit.php
@@ -8,8 +8,8 @@
 ?>
 
 <?php
-$comment_id = isset( $_GET['comment_edit'] ) && is_numeric( $_GET['comment_edit'] ) ? $_GET['comment_edit'] : false;
-$edit_id = isset( $_GET['edit'] ) && is_numeric( $_GET['edit'] ) ? $_GET['edit'] : ( $comment_id ? $comment_id : false );
+$comment_id = isset( $_GET['comment_edit'] ) && is_numeric( $_GET['comment_edit'] ) ? intval( $_GET['comment_edit'] ) : false;
+$edit_id = isset( $_GET['edit'] ) && is_numeric( $_GET['edit'] ) ? intval( $_GET['edit'] ) : ( $comment_id ? $comment_id : false );
 if ( !$edit_id ) return;
 $type = $comment_id ? 'comment' : ( 'dwqa-question' == get_post_type( $edit_id ) ? 'question' : 'answer' );
 ?>
diff --git a/upgrades/upgrades.php b/upgrades/upgrades.php
@@ -16,7 +16,7 @@ public static function init() {
 	}
 
 	public static function admin_notices() {
-		if ( isset( $_GET['page']) && 'dwqa-upgrades' == $_GET['page'] ) {
+		if ( isset( $_GET['page']) && 'dwqa-upgrades' == esc_html( $_GET['page'] ) ) {
 			return;
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -264,7 +264,7 @@ public function set_has_archive() {`
`264`	`264`	`}`
`265`	`265`
`266`	`266`	`public function columns_head( $defaults ) {`
`267`		`- if ( isset( $_GET['post_type'] ) && $_GET['post_type'] == $this->get_slug() ) {`
	`267`	`+ if ( isset( $_GET['post_type'] ) && sanitize_text_field( $_GET['post_type'] ) == $this->get_slug() ) {`
`268`	`268`	`$defaults = array(`
`269`	`269`	`'cb' => '<input type="checkbox">',`
`270`	`270`	`'info' => __( 'Answer', 'dwqa' ),`
Original file line number	Diff line number	Diff line change
`@@ -747,14 +747,14 @@ public function init_options(){`
`747`	`747`	`}`
`748`	`748`
`749`	`749`	`public function flush_rules() {`
`750`		`- if ( isset( $_GET['page'] ) && 'dwqa-settings' == $_GET['page'] ) {`
	`750`	`+ if ( isset( $_GET['page'] ) && 'dwqa-settings' == esc_html( $_GET['page'] ) ) {`
`751`	`751`	`flush_rewrite_rules();`
`752`	`752`	`}`
`753`	`753`	`}`
`754`	`754`
`755`	`755`	`public function current_email_tab() {`
`756`		`- if ( isset( $_GET['tab'] ) && 'email' == $_GET['tab'] ) {`
`757`		`- return isset( $_GET['section'] ) ? $_GET['section'] : 'general';`
	`756`	`+ if ( isset( $_GET['tab'] ) && 'email' == esc_html( $_GET['tab'] ) ) {`
	`757`	`+ return isset( $_GET['section'] ) ? esc_html( $_GET['section'] ) : 'general';`
`758`	`758`	`}`
`759`	`759`
`760`	`760`	`return false;`
Original file line number	Diff line number	Diff line change
`@@ -234,7 +234,7 @@ function dwqa_question_status( $question = false ) {`
`234`	`234`	`}`
`235`	`235`
`236`	`236`	`function dwqa_current_filter() {`
`237`		`- return isset( $_GET['filter'] ) && !empty( $_GET['filter'] ) ? $_GET['filter'] : 'all';`
	`237`	`+ return isset( $_GET['filter'] ) && !empty( $_GET['filter'] ) ? sanitize_text_field( $_GET['filter'] ) : 'all';`
`238`	`238`	`}`
`239`	`239`
`240`	`240`	`function dwqa_get_ask_link() {`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ public static function init() {`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`public static function admin_notices() {`
`19`		`- if ( isset( $_GET['page']) && 'dwqa-upgrades' == $_GET['page'] ) {`
	`19`	`+ if ( isset( $_GET['page']) && 'dwqa-upgrades' == esc_html( $_GET['page'] ) ) {`
`20`	`20`	`return;`
`21`	`21`	`}`
`22`	`22`