asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sanitize calendar inputs using sp_array_value sanitization

Browse Source
This commit is contained in:
Brian Miyaji
2021-11-05 23:49:09 +09:00
parent 1554ac0d0e
commit f7ed06dddc
5 changed files with 17 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-columns.php
View File

@@ -77,6 +77,6 @@ class SP_Meta_Box_Calendar_Columns {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array() ) );
update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array(), 'text' ) );
}
}

2
includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-data.php
View File

@@ -29,7 +29,7 @@ class SP_Meta_Box_Calendar_Data {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array() ) );
update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array(), 'text' ) );
}
/**

24
includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-details.php
View File

@@ -166,21 +166,21 @@ class SP_Meta_Box_Calendar_Details {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_caption', sanitize_text_field( sp_array_value( $_POST, 'sp_caption', 0 ) ) );
update_post_meta( $post_id, 'sp_status', sanitize_text_field( sp_array_value( $_POST, 'sp_status', 0 ) ) );
update_post_meta( $post_id, 'sp_event_format', sanitize_key( sp_array_value( $_POST, 'sp_event_format', 0 ) ) );
update_post_meta( $post_id, 'sp_date', sanitize_text_field( sp_array_value( $_POST, 'sp_date', 0 ) ) );
update_post_meta( $post_id, 'sp_date_from', sanitize_text_field( sp_array_value( $_POST, 'sp_date_from', null ) ) );
update_post_meta( $post_id, 'sp_date_to', sanitize_text_field( sp_array_value( $_POST, 'sp_date_to', null ) ) );
update_post_meta( $post_id, 'sp_date_past', sanitize_text_field( sp_array_value( $_POST, 'sp_date_past', 0 ) ) );
update_post_meta( $post_id, 'sp_date_future', sanitize_text_field( sp_array_value( $_POST, 'sp_date_future', 0 ) ) );
update_post_meta( $post_id, 'sp_date_relative', sanitize_text_field( sp_array_value( $_POST, 'sp_date_relative', 0 ) ) );
update_post_meta( $post_id, 'sp_day', sanitize_text_field( sp_array_value( $_POST, 'sp_day', null ) ) );
update_post_meta( $post_id, 'sp_caption', sp_array_value( $_POST, 'sp_caption', 0, 'text' ) );
update_post_meta( $post_id, 'sp_status', sp_array_value( $_POST, 'sp_status', 0, 'text' ) );
update_post_meta( $post_id, 'sp_event_format', sp_array_value( $_POST, 'sp_event_format', 0, 'key' ) );
update_post_meta( $post_id, 'sp_date', sp_array_value( $_POST, 'sp_date', 0, 'text' ) );
update_post_meta( $post_id, 'sp_date_from', sp_array_value( $_POST, 'sp_date_from', null, 'text' ) );
update_post_meta( $post_id, 'sp_date_to', sp_array_value( $_POST, 'sp_date_to', null, 'text' ) );
update_post_meta( $post_id, 'sp_date_past', sp_array_value( $_POST, 'sp_date_past', 0, 'text' ) );
update_post_meta( $post_id, 'sp_date_future', sp_array_value( $_POST, 'sp_date_future', 0, 'text' ) );
update_post_meta( $post_id, 'sp_date_relative', sp_array_value( $_POST, 'sp_date_relative', 0, 'text' ) );
update_post_meta( $post_id, 'sp_day', sp_array_value( $_POST, 'sp_day', null, 'text' ) );
$tax_input = sp_array_value( $_POST, 'tax_input', array() );
update_post_meta( $post_id, 'sp_main_league', in_array( 'auto', sp_array_value( $tax_input, 'sp_league' ) ) );
update_post_meta( $post_id, 'sp_current_season', in_array( 'auto', sp_array_value( $tax_input, 'sp_season' ) ) );
update_post_meta( $post_id, 'sp_orderby', sanitize_key( sp_array_value( $_POST, 'sp_orderby', null ) ) );
update_post_meta( $post_id, 'sp_order', sanitize_text_field( sp_array_value( $_POST, 'sp_order', null ) ) );
update_post_meta( $post_id, 'sp_orderby', sp_array_value( $_POST, 'sp_orderby', null, 'key' ) );
update_post_meta( $post_id, 'sp_order', sp_array_value( $_POST, 'sp_order', null, 'text' ) );
sp_update_post_meta_recursive( $post_id, 'sp_team', sp_array_value( $_POST, 'sp_team', array(), 'int' ) );
sp_update_post_meta_recursive( $post_id, 'sp_player', sp_array_value( $_POST, 'sp_player', array(), 'int' ) );
}

2
includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-format.php
View File

@@ -34,6 +34,6 @@ class SP_Meta_Box_Calendar_Format {
* Save meta box data
*/
public static function save( $post_id, $post ) {
update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'calendar' ) );
update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'calendar', 'text' ) );
}
}

4
includes/sp-core-functions.php
View File

@@ -319,7 +319,7 @@ if ( !function_exists( 'sp_array_value' ) ) {
$value = array_map( 'sanitize_title', $value );
break;
case 'text':
$value = array_map( 'sanitize_text', $value );
$value = array_map( 'sanitize_text_field', $value );
break;
case 'key':
$value = array_map( 'sanitize_key', $value );
@@ -334,7 +334,7 @@ if ( !function_exists( 'sp_array_value' ) ) {
$value = sanitize_title( $value );
break;
case 'text':
$value = sanitize_text( $value );
$value = sanitize_text_field( $value );
break;
case 'key':
$value = sanitize_key( $value );