Sanitize and unslash all inputs

2021-11-14 13:49:51 +09:00
parent 8873e5adeb
commit a605d7ed1a
30 changed files with 98 additions and 98 deletions
--- a/includes/admin/importers/class-sp-event-performance-importer.php
+++ b/includes/admin/importers/class-sp-event-performance-importer.php
@@ -52,10 +52,10 @@ if ( class_exists( 'WP_Importer' ) ) {
 			$rows = array_chunk( $array, sizeof( $columns ) );

 			// Get event ID and team ID from post vars
-			$event = ( empty( $_POST['sp_event'] ) ? false : sanitize_text_field( $_POST['sp_event'] ) );
-			$teams = ( empty( $_POST['sp_teams'] ) ? false : sanitize_text_field( $_POST['sp_teams'] ) );
-			$index = ( empty( $_POST['sp_index'] ) ? false : sanitize_text_field( $_POST['sp_index'] ) );
-			$team  = ( empty( $_POST['sp_team'] ) ? false : sanitize_text_field( $_POST['sp_team'] ) );
+			$event = ( empty( $_POST['sp_event'] ) ? false : sanitize_text_field( wp_unslash( $_POST['sp_event'] ) ) );
+			$teams = ( empty( $_POST['sp_teams'] ) ? false : sanitize_text_field( wp_unslash( $_POST['sp_teams'] ) ) );
+			$index = ( empty( $_POST['sp_index'] ) ? false : sanitize_text_field( wp_unslash( $_POST['sp_index'] ) ) );
+			$team  = ( empty( $_POST['sp_team'] ) ? false : sanitize_text_field( wp_unslash( $_POST['sp_team'] ) ) );

 			$team_players     = array( 0 );
 			$team_performance = array();