
Commit 3cb65ef

committed
chore: added missing sanitization
1 parent 7c8b970 commit 3cb65ef


2 files changed

+24
-24
lines changed


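--- a/inc/classes/class-hooks.php
+++ b/inc/classes/class-hooks.php
@@ -74,20 +74,20 @@ public function create_template(): void {
 
 foreach ( $shared_templates as $template ) {
 $res = register_block_template(
-$template['id'],
+sanitize_text_field( $template['id'] ),
 array(
-'slug' => $template['slug'] ?? '',
-'title' => $template['title'] ?? '',
-'description' => $template['description'] ?? '',
+'slug' => isset( $template['slug'] ) ? sanitize_text_field( $template['slug'] ) : '',
+'title' => isset( $template['title'] ) ? sanitize_text_field( $template['title'] ) : '',
+'description' => isset( $template['description'] ) ? sanitize_textarea_field( $template['description'] ) : '',
 'content' => $template['content'] ?? '',
-'post_types' => isset( $template['post_types'] ) ? $template['post_types'] : $all_post_types,
+'post_types' => isset( $template['post_types'] ) ? array_map( 'sanitize_textarea_field', $template['post_types'] ) : $all_post_types,
 )
 );
 
 $logs[] = sprintf(
 /* translators: 1: Template slug. 2: Result. */
 __( 'Template %1$s registration result: %2$s', 'onedesign' ),
-$template['slug'] ?? '',
+sanitize_text_field( $template['slug'] ) ?? '',
 wp_json_encode( $res )
 );
 }
@@ -98,18 +98,18 @@ public function create_template(): void {
 require_once ABSPATH . 'wp-includes/class-wp-block-patterns-registry.php';
 }
 $res = register_block_pattern(
-$pattern['slug'],
+sanitize_text_field( $pattern['slug'] ),
 array(
-'title' => $pattern['title'] ?? '',
+'title' => isset( $pattern['title'] ) ? sanitize_text_field( $pattern['title'] ) : '',
 'content' => $pattern['content'] ?? '',
-'description' => $pattern['description'] ?? '',
-'postTypes' => $pattern['post_types'] ?? array(),
+'description' => isset( $pattern['description'] ) ? sanitize_textarea_field( $pattern['description'] ) : '',
+'postTypes' => isset( $pattern['post_types'] ) ? array_map( 'sanitize_textarea_field', $pattern['post_types'] ) : array(),
 )
 );
 $logs[] = sprintf(
 /* translators: 1: Pattern slug. 2: Result. */
 __( 'Pattern %1$s registration result: %2$s', 'onedesign' ),
-$pattern['slug'],
+sanitize_text_field( $pattern['slug'] ),
 $res
 );
 }
@@ -120,7 +120,7 @@ public function create_template(): void {
 $existing = get_posts(
 array(
 'post_type' => 'wp_template_part',
-'name' => $template_part['slug'],
+'name' => sanitize_text_field( $template_part['slug'] ),
 'post_status' => 'any',
 'numberposts' => 1,
 'fields' => 'ids',
@@ -131,16 +131,16 @@ public function create_template(): void {
 $logs[] = sprintf(
 /* translators: 1: Template part slug. */
 __( 'Template part already exists: %s', 'onedesign' ),
-$template_part['slug']
+sanitize_text_field( $template_part['slug'] ),
 );
 continue;
 }
 
 // Create the template part post.
 $post_data = array(
 'post_type' => 'wp_template_part',
-'post_title' => $template_part['title'] ?? '',
-'post_name' => $template_part['slug'] ?? '',
+'post_title' => isset( $template_part['title'] ) ? sanitize_text_field( $template_part['title'] ) : '',
+'post_name' => isset( $template_part['slug'] ) ? sanitize_text_field( $template_part['slug'] ) : '',
 'post_status' => 'publish',
 'post_content' => $template_part['content'] ?? '',
 );
@@ -151,15 +151,15 @@ public function create_template(): void {
 $logs[] = sprintf(
 /* translators: 1: Error message. */
 __( 'Error creating template part %1$s: %2$s', 'onedesign' ),
-$template_part['slug'],
+sanitize_text_field( $template_part['slug'] ),
 $post_id->get_error_message()
 );
 continue;
 } else {
 $logs[] = sprintf(
 /* translators: 1: Template part slug. 2: Post ID. */
 __( 'Template part created successfully: %1$s (ID: %2$d)', 'onedesign' ),
-$template_part['slug'],
+sanitize_text_field( $template_part['slug'] ),
 $post_id
 );
 $brand_site_post_ids[] = $post_id;
@@ -169,21 +169,21 @@ public function create_template(): void {
 $theme_slug = get_option( 'template' );
 
 // add required meta & assign taxonomy terms.
-update_post_meta( $post_id, '_wp_template_part_area', $template_part['area'] ?? 'uncategorized' );
+update_post_meta( $post_id, '_wp_template_part_area', sanitize_text_field( $template_part['area'] ) ?? 'uncategorized' );
 update_post_meta( $post_id, '_wp_theme', $current_theme );
 update_post_meta( $post_id, '_wp_template_part_theme', $theme_slug );
-wp_set_object_terms( $post_id, $template_part['area'] ?? 'uncategorized', 'wp_template_part_area' );
+wp_set_object_terms( $post_id, sanitize_text_field( $template_part['area'] ) ?? 'uncategorized', 'wp_template_part_area' );
 wp_set_object_terms( $post_id, $current_theme, 'wp_theme' );
 
 // Store description if provided.
 if ( isset( $template_part['description'] ) ) {
-update_post_meta( $post_id, 'description', $template_part['description'] );
+update_post_meta( $post_id, 'description', sanitize_textarea_field( $template_part['description'] ) );
 }
 
 $logs[] = sprintf(
 /* translators: 1: Template part slug. 2: Post ID. */
 __( 'Template part setup completed: %1$s (ID: %2$d)', 'onedesign' ),
-$template_part['slug'],
+sanitize_text_field( $template_part['slug'] ),
 $post_id
 );
 }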
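Review bot: The `??` fallbacks at lines 90, 172 and 175 are now dead: `sanitize_text_field( $template['slug'] ) ?? ''` applies `??` to the sanitizer's return value, which is always a string, so a missing key emits an undefined-array-key warning and the default is never used — at 172/175 the area meta and term silently become `''` instead of `'uncategorized'`. Apply the default before sanitizing, `sanitize_text_field( $template_part['area'] ?? 'uncategorized' )`, and likewise `sanitize_text_field( $template['slug'] ?? '' )` at line 90. The `array_map( 'sanitize_textarea_field', … )` calls at 83 and 106 throw a TypeError if `post_types` arrives as a scalar; if that data originates outside the plugin an `is_array()` guard or `(array)` cast is worth adding, and `sanitize_key` is the closer fit for post-type slugs than a textarea sanitizer. `content` is still stored unsanitized at 82, 104 and 145, which is presumably intentional for block markup, and a one-line comment saying so would stop the next reader from re-raising it. create_template() begins and ends outside these hunks.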

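--- a/inc/classes/rest/class-templates.php
+++ b/inc/classes/rest/class-templates.php
@@ -257,7 +257,7 @@ public function create_synced_patterns( \WP_REST_Request $request ): \WP_REST_Re
 $existing_post = get_posts(
 array(
 'post_type' => 'wp_block',
-'post_name' => $sync_pattern['slug'],
+'post_name' => sanitize_text_field( $sync_pattern['slug'] ),
 'post_status' => 'publish',
 'numberposts' => 1,
 ),
@@ -270,8 +270,8 @@ public function create_synced_patterns( \WP_REST_Request $request ): \WP_REST_Re
 
 $post_data = array(
 'post_type' => 'wp_block',
-'post_title' => $sync_pattern['title'],
-'post_name' => $sync_pattern['slug'],
+'post_title' => isset( $sync_pattern['title'] ) ? sanitize_text_field( $sync_pattern['title'] ) : '',
+'post_name' => isset( $sync_pattern['slug'] ) ? sanitize_text_field( $sync_pattern['slug'] ) : '',
 'post_status' => 'publish',
 'post_content' => $sync_pattern['content'],
 );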
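Review bot: `'post_content' => $sync_pattern['content']` at line 276 is the only field of the request body left with neither an `isset()` guard nor sanitization, so a request without `content` raises an undefined-array-key warning while `title` and `slug` now default cleanly; at minimum make it `'post_content' => $sync_pattern['content'] ?? '',`. Whether the stored markup is kses-filtered then depends on wp_insert_post and the requesting user's capabilities rather than on this code, which deserves a short comment if that is the intended contract. The existence check at line 260 keys on `post_name`, which I believe is not a recognised WP_Query parameter (`name` is the documented slug filter, as used in class-hooks.php); if it is ignored the lookup would match the first published wp_block regardless of slug, so please verify. create_synced_patterns() begins and ends outside these hunks.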
