Explicitly save sp values for security
63
actions.php
63
actions.php
@@ -94,29 +94,50 @@ function sp_nonce() {
|
|||||||
|
|
||||||
function sp_save_post( $post_id ) {
|
function sp_save_post( $post_id ) {
|
||||||
global $post, $typenow;
|
global $post, $typenow;
|
||||||
if ( isset( $_POST['sportspress'] ) ):
|
if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) return $post_id;
|
||||||
$sportspress = (array)$_POST['sportspress'];
|
if ( !current_user_can( 'edit_post', $post_id ) ) return $post_id;
|
||||||
if ( isset( $_POST ) && !empty( $sportspress ) ):
|
if ( !isset( $_POST['sportspress_nonce'] ) || ! wp_verify_nonce( $_POST['sportspress_nonce'], plugin_basename( __FILE__ ) ) ) return $post_id;
|
||||||
if ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE ) return $post_id;
|
switch ( $_POST['post_type'] ):
|
||||||
if ( !current_user_can( 'edit_post', $post_id ) ) return $post_id;
|
case ( 'sp_team' ):
|
||||||
if ( !isset( $_POST['sportspress_nonce'] ) || ! wp_verify_nonce( $_POST['sportspress_nonce'], plugin_basename( __FILE__ ) ) ) return $post_id;
|
update_post_meta( $post_id, 'sp_stats', $_POST['sp_stats'] );
|
||||||
foreach ( $sportspress as $key => $value ):
|
break;
|
||||||
delete_post_meta( $post_id, $key );
|
case ( 'sp_event' ):
|
||||||
if ( is_array( $value ) ):
|
update_post_meta( $post_id, 'sp_stats', $_POST['sp_stats'] );
|
||||||
if ( sp_get_array_depth( $value ) >= 3 ):
|
sp_update_post_meta_recursive( $post_id, 'sp_team', $_POST['sp_team'] );
|
||||||
add_post_meta( $post_id, $key, $value, false );
|
sp_update_post_meta_recursive( $post_id, 'sp_player', $_POST['sp_player'] );
|
||||||
else:
|
break;
|
||||||
$values = new RecursiveIteratorIterator( new RecursiveArrayIterator( $value ) );
|
case ( 'sp_player' ):
|
||||||
foreach ( $values as $value ):
|
update_post_meta( $post_id, 'sp_stats', $_POST['sp_stats'] );
|
||||||
add_post_meta( $post_id, $key, $value, false );
|
sp_update_post_meta_recursive( $post_id, 'sp_team', $_POST['sp_team'] );
|
||||||
endforeach;
|
break;
|
||||||
endif;
|
case ( 'sp_staff' ):
|
||||||
|
sp_update_post_meta_recursive( $post_id, 'sp_team', $_POST['sp_team'] );
|
||||||
|
break;
|
||||||
|
case ( 'sp_table' ):
|
||||||
|
update_post_meta( $post_id, 'sp_stats', $_POST['sp_stats'] );
|
||||||
|
sp_update_post_meta_recursive( $post_id, 'sp_team', $_POST['sp_team'] );
|
||||||
|
break;
|
||||||
|
endswitch;
|
||||||
|
|
||||||
|
/*
|
||||||
|
|
||||||
|
foreach ( $sportspress as $key => $value ):
|
||||||
|
delete_post_meta( $post_id, $key );
|
||||||
|
if ( is_array( $value ) ):
|
||||||
|
if ( sp_get_array_depth( $value ) >= 3 ):
|
||||||
|
add_post_meta( $post_id, $key, $value, false );
|
||||||
else:
|
else:
|
||||||
update_post_meta( $post_id, $key, $value );
|
$values = new RecursiveIteratorIterator( new RecursiveArrayIterator( $value ) );
|
||||||
|
foreach ( $values as $value ):
|
||||||
|
add_post_meta( $post_id, $key, $value, false );
|
||||||
|
endforeach;
|
||||||
endif;
|
endif;
|
||||||
endforeach;
|
else:
|
||||||
endif;
|
update_post_meta( $post_id, $key, $value );
|
||||||
endif;
|
endif;
|
||||||
|
endforeach;
|
||||||
|
|
||||||
|
*/
|
||||||
}
|
}
|
||||||
add_action( 'save_post', 'sp_save_post' );
|
add_action( 'save_post', 'sp_save_post' );
|
||||||
?>
|
?>
|
||||||
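Review bot: `switch ( $_POST['post_type'] ):` selects the save path from a request-supplied value instead of from the post that is actually being saved, so the branch taken is chosen by the client even though `$post_id` is already bound by the capability check two lines above; use `switch ( get_post_type( $post_id ) ):`. The reads of `$_POST['sp_stats']`, `$_POST['sp_team']` and `$_POST['sp_player']` inside the `case` bodies are unguarded: a form that omits one of them raises an undefined-index notice and presumably overwrites the stored meta with an empty value, and a non-array `sp_team`/`sp_player` value is handed to `sp_update_post_meta_recursive`, whose `RecursiveArrayIterator` accepts only arrays or objects. Each call should sit behind an `isset` check, and none of the values are sanitized before `update_post_meta`/`add_post_meta` (the checklist IDs could be cast to int where they are stored). The `/* … */` block of the previous implementation left between `endswitch;` and the closing brace should be deleted rather than kept as a comment; it remains in version control.
```php
// … unchanged: autosave, capability and nonce checks …

$post_type = get_post_type( $post_id );

switch ( $post_type ):

	case ( 'sp_team' ):

		if ( isset( $_POST['sp_stats'] ) )
			update_post_meta( $post_id, 'sp_stats', $_POST['sp_stats'] );

		break;

	case ( 'sp_event' ):

		if ( isset( $_POST['sp_stats'] ) )
			update_post_meta( $post_id, 'sp_stats', $_POST['sp_stats'] );

		if ( isset( $_POST['sp_team'] ) )
			sp_update_post_meta_recursive( $post_id, 'sp_team', (array)$_POST['sp_team'] );

		if ( isset( $_POST['sp_player'] ) )
			sp_update_post_meta_recursive( $post_id, 'sp_player', (array)$_POST['sp_player'] );

		break;

	// … unchanged pattern for sp_player, sp_staff and sp_table, each read guarded by isset the same way …

endswitch;
```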
@@ -44,7 +44,7 @@ function sp_event_team_meta( $post ) {
|
|||||||
<?php
|
<?php
|
||||||
$args = array(
|
$args = array(
|
||||||
'post_type' => 'sp_team',
|
'post_type' => 'sp_team',
|
||||||
'name' => 'sportspress[sp_team][]',
|
'name' => 'sp_team[]',
|
||||||
'class' => 'sportspress-pages',
|
'class' => 'sportspress-pages',
|
||||||
'show_option_none' => sprintf( __( 'Select %s' ), 'Team' ),
|
'show_option_none' => sprintf( __( 'Select %s' ), 'Team' ),
|
||||||
'option_none_value' => 0,
|
'option_none_value' => 0,
|
||||||
|
|||||||
18
helpers.php
18
helpers.php
@@ -170,7 +170,7 @@ if ( !function_exists( 'sp_post_checklist' ) ) {
|
|||||||
global $post_id;
|
global $post_id;
|
||||||
?>
|
?>
|
||||||
<div id="<?php echo $meta; ?>-all" class="posttypediv wp-tab-panel sp-tab-panel" style="display: <?php echo $display; ?>;">
|
<div id="<?php echo $meta; ?>-all" class="posttypediv wp-tab-panel sp-tab-panel" style="display: <?php echo $display; ?>;">
|
||||||
<input type="hidden" value="0" name="sportspress[<?php echo $meta; ?>]<?php if ( isset( $index ) ) echo '[' . $index . ']'; ?>[]" />
|
<input type="hidden" value="0" name="<?php echo $meta; ?><?php if ( isset( $index ) ) echo '[' . $index . ']'; ?>[]" />
|
||||||
<ul class="categorychecklist form-no-clear">
|
<ul class="categorychecklist form-no-clear">
|
||||||
<?php
|
<?php
|
||||||
$selected = sp_array_between( (array)get_post_meta( $post_id, $meta, false ), 0, $index );
|
$selected = sp_array_between( (array)get_post_meta( $post_id, $meta, false ), 0, $index );
|
||||||
@@ -198,7 +198,7 @@ if ( !function_exists( 'sp_post_checklist' ) ) {
|
|||||||
?>">
|
?>">
|
||||||
<?php echo str_repeat( '<ul><li>', sizeof( $parents ) ); ?>
|
<?php echo str_repeat( '<ul><li>', sizeof( $parents ) ); ?>
|
||||||
<label class="selectit">
|
<label class="selectit">
|
||||||
<input type="checkbox" value="<?php echo $post->ID; ?>" name="sportspress[<?php echo $meta; ?>]<?php if ( isset( $index ) ) echo '[' . $index . ']'; ?>[]"<?php if ( in_array( $post->ID, $selected ) ) echo ' checked="checked"'; ?>>
|
<input type="checkbox" value="<?php echo $post->ID; ?>" name="<?php echo $meta; ?><?php if ( isset( $index ) ) echo '[' . $index . ']'; ?>[]"<?php if ( in_array( $post->ID, $selected ) ) echo ' checked="checked"'; ?>>
|
||||||
<?php
|
<?php
|
||||||
$title = $post->post_title;
|
$title = $post->post_title;
|
||||||
if ( empty( $title ) )
|
if ( empty( $title ) )
|
||||||
@@ -267,7 +267,7 @@ if ( !function_exists( 'sp_stats_table' ) ) {
|
|||||||
$value = sp_array_value( $values, $j, '' );
|
$value = sp_array_value( $values, $j, '' );
|
||||||
$placeholder = (int)sp_array_value( sp_array_value( $placeholders, $key, 0), $j, 0 );
|
$placeholder = (int)sp_array_value( sp_array_value( $placeholders, $key, 0), $j, 0 );
|
||||||
?>
|
?>
|
||||||
<td><input type="text" name="sportspress[<?php echo $slug; ?>][<?php echo $index; ?>][<?php echo $key; ?>][]" value="<?php echo $value; ?>" placeholder="<?php echo $placeholder; ?>" /></td>
|
<td><input type="text" name="<?php echo $slug; ?>[<?php echo $index; ?>][<?php echo $key; ?>][]" value="<?php echo $value; ?>" placeholder="<?php echo $placeholder; ?>" /></td>
|
||||||
<?php endfor; ?>
|
<?php endfor; ?>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
@@ -281,7 +281,7 @@ if ( !function_exists( 'sp_stats_table' ) ) {
|
|||||||
<?php for ( $j = 0; $j < sizeof( $columns ) - 1; $j ++ ):
|
<?php for ( $j = 0; $j < sizeof( $columns ) - 1; $j ++ ):
|
||||||
$value = sp_array_value( $values, $j, '' );
|
$value = sp_array_value( $values, $j, '' );
|
||||||
?>
|
?>
|
||||||
<td><input type="text" name="sportspress[<?php echo $slug; ?>][<?php echo $index; ?>][0][]" value="<?php echo $value; ?>" /></td>
|
<td><input type="text" name="<?php echo $slug; ?>[<?php echo $index; ?>][0][]" value="<?php echo $value; ?>" /></td>
|
||||||
<?php endfor; ?>
|
<?php endfor; ?>
|
||||||
</tr>
|
</tr>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
@@ -305,4 +305,14 @@ if ( !function_exists( 'sp_post_adder' ) ) {
|
|||||||
<?php
|
<?php
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( !function_exists( 'sp_update_post_meta_recursive' ) ) {
|
||||||
|
function sp_update_post_meta_recursive( $post_id, $name, $array ) {
|
||||||
|
delete_post_meta( $post_id, $name );
|
||||||
|
$values = new RecursiveIteratorIterator( new RecursiveArrayIterator( $array ) );
|
||||||
|
foreach ( $values as $value ):
|
||||||
|
add_post_meta( $post_id, $name, $value, false );
|
||||||
|
endforeach;
|
||||||
|
}
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
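Review bot: `sp_update_post_meta_recursive` calls `delete_post_meta( $post_id, $name )` before it validates `$array`, so a request in which the field is missing or arrives as a plain string wipes the existing values and then throws from `RecursiveArrayIterator` (which accepts only arrays or objects), leaving the post with no `$name` meta at all. Check the argument first, `if ( !is_array( $array ) ) return;`, or cast it with `(array)` before the delete. The leaf values are stored exactly as received; at this commit both callers in actions.php (`sp_team`, `sp_player`) appear to pass post IDs coming from the checklist's `value="<?php echo $post->ID; ?>"` and the hidden `value="0"`, so `add_post_meta( $post_id, $name, (int)$value, false );` would be safe here — if the helper is meant to stay generic, accept a sanitizer callback instead. A one-line header would also help: `// Replace every '$name' meta value on $post_id with the leaf values of the (possibly nested) $array.`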
@@ -43,7 +43,7 @@ function sp_table_team_meta( $post ) {
|
|||||||
$args = array(
|
$args = array(
|
||||||
'show_option_all' => sprintf( __( 'All %s', 'sportspress' ), __( 'Leagues', 'sportspress' ) ),
|
'show_option_all' => sprintf( __( 'All %s', 'sportspress' ), __( 'Leagues', 'sportspress' ) ),
|
||||||
'taxonomy' => 'sp_league',
|
'taxonomy' => 'sp_league',
|
||||||
'name' => 'sportspress[sp_league]',
|
'name' => 'sp_league',
|
||||||
'selected' => $league
|
'selected' => $league
|
||||||
);
|
);
|
||||||
sp_dropdown_taxonomies( $args );
|
sp_dropdown_taxonomies( $args );
|
||||||
|
|||||||