Sanitize calendar inputs using sp_array_value sanitization

2021-11-05 23:49:09 +09:00
parent 1554ac0d0e
commit f7ed06dddc
5 changed files with 17 additions and 17 deletions
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-columns.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-columns.php
@@ -77,6 +77,6 @@ class SP_Meta_Box_Calendar_Columns {
 	 * Save meta box data
 	 */
 	public static function save( $post_id, $post ) {
-		update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array() ) );
+		update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array(), 'text' ) );
 	}
 }
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-data.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-data.php
@@ -29,7 +29,7 @@ class SP_Meta_Box_Calendar_Data {
 	 * Save meta box data
 	 */
 	public static function save( $post_id, $post ) {
-		update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array() ) );
+		update_post_meta( $post_id, 'sp_columns', sp_array_value( $_POST, 'sp_columns', array(), 'text' ) );
 	}
 	/**
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-details.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-details.php
@@ -166,21 +166,21 @@ class SP_Meta_Box_Calendar_Details {
 	 * Save meta box data
 	 */
 	public static function save( $post_id, $post ) {
-		update_post_meta( $post_id, 'sp_caption', sanitize_text_field( sp_array_value( $_POST, 'sp_caption', 0 ) ) );
+		update_post_meta( $post_id, 'sp_caption', sp_array_value( $_POST, 'sp_caption', 0, 'text' ) );
-		update_post_meta( $post_id, 'sp_status', sanitize_text_field( sp_array_value( $_POST, 'sp_status', 0 ) ) );
+		update_post_meta( $post_id, 'sp_status', sp_array_value( $_POST, 'sp_status', 0, 'text' ) );
-		update_post_meta( $post_id, 'sp_event_format', sanitize_key( sp_array_value( $_POST, 'sp_event_format', 0 ) ) );
+		update_post_meta( $post_id, 'sp_event_format', sp_array_value( $_POST, 'sp_event_format', 0, 'key' ) );
-		update_post_meta( $post_id, 'sp_date', sanitize_text_field( sp_array_value( $_POST, 'sp_date', 0 ) ) );
+		update_post_meta( $post_id, 'sp_date', sp_array_value( $_POST, 'sp_date', 0, 'text' ) );
-		update_post_meta( $post_id, 'sp_date_from', sanitize_text_field( sp_array_value( $_POST, 'sp_date_from', null ) ) );
+		update_post_meta( $post_id, 'sp_date_from', sp_array_value( $_POST, 'sp_date_from', null, 'text' ) );
-		update_post_meta( $post_id, 'sp_date_to', sanitize_text_field( sp_array_value( $_POST, 'sp_date_to', null ) ) );
+		update_post_meta( $post_id, 'sp_date_to', sp_array_value( $_POST, 'sp_date_to', null, 'text' ) );
-		update_post_meta( $post_id, 'sp_date_past', sanitize_text_field( sp_array_value( $_POST, 'sp_date_past', 0 ) ) );
+		update_post_meta( $post_id, 'sp_date_past', sp_array_value( $_POST, 'sp_date_past', 0, 'text' ) );
-		update_post_meta( $post_id, 'sp_date_future', sanitize_text_field( sp_array_value( $_POST, 'sp_date_future', 0 ) ) );
+		update_post_meta( $post_id, 'sp_date_future', sp_array_value( $_POST, 'sp_date_future', 0, 'text' ) );
-		update_post_meta( $post_id, 'sp_date_relative', sanitize_text_field( sp_array_value( $_POST, 'sp_date_relative', 0 ) ) );
+		update_post_meta( $post_id, 'sp_date_relative', sp_array_value( $_POST, 'sp_date_relative', 0, 'text' ) );
-		update_post_meta( $post_id, 'sp_day', sanitize_text_field( sp_array_value( $_POST, 'sp_day', null ) ) );
+		update_post_meta( $post_id, 'sp_day', sp_array_value( $_POST, 'sp_day', null, 'text' ) );
 		$tax_input = sp_array_value( $_POST, 'tax_input', array() );
 		update_post_meta( $post_id, 'sp_main_league', in_array( 'auto', sp_array_value( $tax_input, 'sp_league' ) ) );
 		update_post_meta( $post_id, 'sp_current_season', in_array( 'auto', sp_array_value( $tax_input, 'sp_season' ) ) );
-		update_post_meta( $post_id, 'sp_orderby', sanitize_key( sp_array_value( $_POST, 'sp_orderby', null ) ) );
+		update_post_meta( $post_id, 'sp_orderby', sp_array_value( $_POST, 'sp_orderby', null, 'key' ) );
-		update_post_meta( $post_id, 'sp_order', sanitize_text_field( sp_array_value( $_POST, 'sp_order', null ) ) );
+		update_post_meta( $post_id, 'sp_order', sp_array_value( $_POST, 'sp_order', null, 'text' ) );
 		sp_update_post_meta_recursive( $post_id, 'sp_team', sp_array_value( $_POST, 'sp_team', array(), 'int' ) );
 		sp_update_post_meta_recursive( $post_id, 'sp_player', sp_array_value( $_POST, 'sp_player', array(), 'int' ) );
 	}
--- a/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-format.php
+++ b/includes/admin/post-types/meta-boxes/class-sp-meta-box-calendar-format.php
@@ -34,6 +34,6 @@ class SP_Meta_Box_Calendar_Format {
 	 * Save meta box data
 	 */
 	public static function save( $post_id, $post ) {
-		update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'calendar' ) );
+		update_post_meta( $post_id, 'sp_format', sp_array_value( $_POST, 'sp_format', 'calendar', 'text' ) );
 	}
 }
--- a/includes/sp-core-functions.php
+++ b/includes/sp-core-functions.php
@@ -319,7 +319,7 @@ if ( !function_exists( 'sp_array_value' ) ) {
            $value = array_map( 'sanitize_title', $value );
            break;
          case 'text':
-            $value = array_map( 'sanitize_text', $value );
+            $value = array_map( 'sanitize_text_field', $value );
            break;
          case 'key':
            $value = array_map( 'sanitize_key', $value );
@@ -334,7 +334,7 @@ if ( !function_exists( 'sp_array_value' ) ) {
            $value = sanitize_title( $value );
            break;
          case 'text':
-            $value = sanitize_text( $value );
+            $value = sanitize_text_field( $value );
            break;
          case 'key':
            $value = sanitize_key( $value );