Sanitize sport and timezone in general settings

Brian Miyaji
2021-11-05 22:15:32 +09:00
parent 0739ef53dc
commit 47d62a9a81


@@ -234,7 +234,7 @@ class SP_Settings_General extends SP_Settings_Page {
*/
public function save() {
if ( isset( $_POST['sportspress_sport'] ) && ! empty( $_POST['sportspress_sport'] ) && get_option( 'sportspress_sport', null ) !== $_POST['sportspress_sport'] ):
$sport = $_POST['sportspress_sport'];
$sport = sanitize_key( $_POST['sportspress_sport'] );
SP_Admin_Sports::apply_preset( $sport );
delete_option( '_sp_needs_welcome' );
update_option( 'sportspress_installed', 1 );
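Review bot: The guard on the `if` line still tests the raw `$_POST['sportspress_sport']`, so a value that `sanitize_key()` reduces to an empty string passes `! empty()` and reaches `SP_Admin_Sports::apply_preset( $sport )` as `''`, and the `get_option()` comparison is made against the unsanitized string rather than the key that is actually applied. Sanitizing before the checks closes both gaps: `$sport = isset( $_POST['sportspress_sport'] ) ? sanitize_key( wp_unslash( $_POST['sportspress_sport'] ) ) : '';` followed by `if ( '' !== $sport && get_option( 'sportspress_sport', null ) !== $sport ):`. `sanitize_key()` only normalises characters, so if `apply_preset()` does not itself reject unknown names (not visible here), an allowlist check against the registered presets would be the stronger control. No nonce or capability check appears in this hunk; `save()` begins and continues outside it, so that may already be handled by the caller.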
@@ -250,16 +250,15 @@ class SP_Settings_General extends SP_Settings_Page {
// Map UTC+- timezones to gmt_offsets and set timezone_string to empty.
if ( ! empty( $_POST['timezone_string'] ) && preg_match( '/^UTC[+-]/', $_POST['timezone_string'] ) ) {
$_POST['gmt_offset'] = $_POST['timezone_string'];
$_POST['gmt_offset'] = preg_replace( '/UTC\+?/', '', $_POST['gmt_offset'] );
$_POST['gmt_offset'] = preg_replace( '/UTC\+?/', '', sanitize_text_field( $_POST['timezone_string'] ) );
$_POST['timezone_string'] = '';
}
if ( isset( $_POST['timezone_string'] ) )
update_option( 'timezone_string', $_POST['timezone_string'] );
update_option( 'timezone_string', sanitize_option( 'timezone_string', $_POST['timezone_string'] ) );
if ( isset( $_POST['gmt_offset'] ) )
update_option( 'gmt_offset', $_POST['gmt_offset'] );
update_option( 'gmt_offset', sanitize_option( 'gmt_offset', $_POST['gmt_offset'] ) );
if ( isset( $_POST['sportspress_frontend_css_primary'] ) ) {