From 1d77800c187306c16efd8e4abbeb82b0f3197cd4 Mon Sep 17 00:00:00 2001
From: Brian Miyaji
Date: Sat, 6 Nov 2021 11:18:31 +0900
Subject: [PATCH] Add sanitization to player list meta boxes
---
 .../class-sp-meta-box-list-columns.php | 2 +-
 .../class-sp-meta-box-list-data.php | 4 +--
 .../class-sp-meta-box-list-details.php | 32 +++++++++----------
 .../class-sp-meta-box-list-format.php | 2 +-
 4 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-columns.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-columns.php
index 0088c4f5..58b84963 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-columns.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-columns.php
@@ -70,6 +70,6 @@ class SP_Meta_Box_List_Columns {
 * Save meta box data
 */
 public static function save( $post_id, $post ) {
- update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array() ) );
+ update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array(), 'key' ) );
 }
 }
\ No newline at end of file
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-data.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-data.php
index 70d32233..aee140b6 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-data.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-data.php
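Review bot: `sp_columns` is read with an `array()` default, so the `'key'` sanitizer added in class-sp-meta-box-list-columns.php has to be applied per element, and sp_array_value() is defined outside this patch, so that cannot be confirmed from the hunk. The same question applies to `sp_adjustments` and `sp_players` in class-sp-meta-box-list-data.php and to the array-valued fields (`sp_team`, `sp_era`, `sp_player`, `sp_nationality` and others) in class-sp-meta-box-list-details.php. If any of them arrives as a nested array, a sanitizer mapped over the top level only would either drop the inner rows or pass them through unchanged. Once checked against the helper, I would state the contract in the docblock above save(), e.g. `* Array values are sanitized element by element by sp_array_value(), including nested arrays.`, and cover a nested `sp_players` payload with a save-and-reload test.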
@@ -34,8 +34,8 @@ class SP_Meta_Box_List_Data {
 * Save meta box data
 */
 public static function save( $post_id, $post ) {
- update_post_meta( $post_id, 'sp_adjustments', sp_array_value( $_POST, 'sp_adjustments', array() ) );
- update_post_meta( $post_id, 'sp_players', sp_array_value( $_POST, 'sp_players', array() ) );
+ update_post_meta( $post_id, 'sp_adjustments', sp_array_value( $_POST, 'sp_adjustments', array(), 'text' ) );
+ update_post_meta( $post_id, 'sp_players', sp_array_value( $_POST, 'sp_players', array(), 'text' ) );
 }
 /**
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-details.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-details.php
index a837f549..c80956f2 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-details.php
@@ -185,24 +185,24 @@ class SP_Meta_Box_List_Details {
 * Save meta box data
 */
 public static function save( $post_id, $post ) {
- update_post_meta( $post_id, 'sp_caption', esc_attr( sp_array_value( $_POST, 'sp_caption', 0 ) ) );
- update_post_meta( $post_id, 'sp_date', sp_array_value( $_POST, 'sp_date', 0 ) );
- update_post_meta( $post_id, 'sp_date_from', sp_array_value( $_POST, 'sp_date_from', null ) );
- update_post_meta( $post_id, 'sp_date_to', sp_array_value( $_POST, 'sp_date_to', null ) );
- update_post_meta( $post_id, 'sp_date_past', sp_array_value( $_POST, 'sp_date_past', 0 ) );
- update_post_meta( $post_id, 'sp_date_relative', sp_array_value( $_POST, 'sp_date_relative', 0 ) );
+ update_post_meta( $post_id, 'sp_caption', esc_attr( sp_array_value( $_POST, 'sp_caption', 0, 'text' ) ) );
+ update_post_meta( $post_id, 'sp_date', sp_array_value( $_POST, 'sp_date', 0, 'text' ) );
+ update_post_meta( $post_id, 'sp_date_from', sp_array_value( $_POST, 'sp_date_from', null, 'text' ) );
+ update_post_meta( $post_id, 'sp_date_to', sp_array_value( $_POST, 'sp_date_to', null, 'text' ) );
+ update_post_meta( $post_id, 'sp_date_past', sp_array_value( $_POST, 'sp_date_past', 0, 'text' ) );
+ update_post_meta( $post_id, 'sp_date_relative', sp_array_value( $_POST, 'sp_date_relative', 0, 'text' ) );
 $tax_input = sp_array_value( $_POST, 'tax_input', array() );
 update_post_meta( $post_id, 'sp_main_league', in_array( 'auto', sp_array_value( $tax_input, 'sp_league' ) ) );
 update_post_meta( $post_id, 'sp_current_season', in_array( 'auto', sp_array_value( $tax_input, 'sp_season' ) ) );
- update_post_meta( $post_id, 'sp_team', sp_array_value( $_POST, 'sp_team', array() ) );
- update_post_meta( $post_id, 'sp_era', sp_array_value( $_POST, 'sp_era', array() ) );
- update_post_meta( $post_id, 'sp_grouping', sp_array_value( $_POST, 'sp_grouping', array() ) );
- update_post_meta( $post_id, 'sp_orderby', sp_array_value( $_POST, 'sp_orderby', array() ) );
- update_post_meta( $post_id, 'sp_crop', sp_array_value( $_POST, 'sp_crop', 0 ) );
- update_post_meta( $post_id, 'sp_order', sp_array_value( $_POST, 'sp_order', array() ) );
- update_post_meta( $post_id, 'sp_select', sp_array_value( $_POST, 'sp_select', array() ) );
- update_post_meta( $post_id, 'sp_number', sp_array_value( $_POST, 'sp_number', array() ) );
- sp_update_post_meta_recursive( $post_id, 'sp_player', sp_array_value( $_POST, 'sp_player', array() ) );
- sp_update_post_meta_recursive( $post_id, 'sp_nationality', sp_array_value( $_POST, 'sp_nationality', array() ) );
+ update_post_meta( $post_id, 'sp_team', sp_array_value( $_POST, 'sp_team', array(), 'id' ) );
+ update_post_meta( $post_id, 'sp_era', sp_array_value( $_POST, 'sp_era', array(), 'key' ) );
+ update_post_meta( $post_id, 'sp_grouping', sp_array_value( $_POST, 'sp_grouping', array(), 'text' ) );
+ update_post_meta( $post_id, 'sp_orderby', sp_array_value( $_POST, 'sp_orderby', array(), 'key' ) );
+ update_post_meta( $post_id, 'sp_crop', sp_array_value( $_POST, 'sp_crop', 0, 'int' ) );
+ update_post_meta( $post_id, 'sp_order', sp_array_value( $_POST, 'sp_order', array(), 'text' ) );
+ update_post_meta( $post_id, 'sp_select', sp_array_value( $_POST, 'sp_select', array(), 'key' ) );
+ update_post_meta( $post_id, 'sp_number', sp_array_value( $_POST, 'sp_number', array(), 'int' ) );
+ sp_update_post_meta_recursive( $post_id, 'sp_player', sp_array_value( $_POST, 'sp_player', array(), 'int' ) );
+ sp_update_post_meta_recursive( $post_id, 'sp_nationality', sp_array_value( $_POST, 'sp_nationality', array(), 'text' ) );
 }
 }
diff --git a/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-format.php b/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-format.php
index c62823b2..5b60cb70 100644
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-format.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-list-format.php
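Review bot: The `sp_caption` line in SP_Meta_Box_List_Details::save() still wraps the now-sanitized value in `esc_attr()`, which is an output-escaping function, so the caption is stored entity-encoded and will be double-encoded wherever the display side escapes it again. If every output site escapes the caption (not visible in this hunk, so confirm before changing it), store the sanitized text only: `update_post_meta( $post_id, 'sp_caption', sp_array_value( $_POST, 'sp_caption', 0, 'text' ) );`. Separately, `$tax_input` is the one `$_POST` read in this function left without a sanitizer argument. It only feeds the two `in_array( 'auto', … )` checks, which would be tighter with an array default and strict comparison, e.g. `in_array( 'auto', (array) sp_array_value( $tax_input, 'sp_league', array() ), true )` and the same for `sp_season`.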
@@ -34,6 +34,6 @@ class SP_Meta_Box_List_Format {
 * Save meta box data
 */
 public static function save( $post_id, $post ) {
- update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'list' ) );
+ update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'list', 'key' ) );
 }
 }
\ No newline at end of file
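Review bot: `sp_format` in SP_Meta_Box_List_Format::save() looks like a choice from a fixed set (its default is `'list'`), and the `'key'` sanitizer presumably only normalises characters, so any key-shaped string from the request is still stored. If the stored format later selects a template or code path, which is not visible here, validating against the known formats is the stronger check. I would read the value first with `$format = sp_array_value( $_POST, 'sp_format', 'list', 'key' );` and then fall back with `if ( ! in_array( $format, $allowed_formats, true ) ) { $format = 'list'; }`, where `$allowed_formats` is a placeholder for the plugin's own list of valid formats.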