WP PLUGIN 申請指摘事項の修正

・$_POSTのサニタイズ
・echoのエスケープ
・readmeの修正
2021-06-17 14:00:18 +09:00
parent e3c8fc967c
commit 00d6775f77
12 changed files with 91 additions and 80 deletions
+1 -2
@@ -119,8 +119,7 @@ if ( ! class_exists( 'APOP_POST' ) ) {
if ( count( $this->name_keys ) > 0 ) {
foreach ( $this->name_keys as $name_key ) {
$save_key = APOP_CUSTOM_FIELD_PREFIX . $name_key;
update_post_meta( $post_id, $save_key, $_POST[ $save_key ] ?? '' );
update_post_meta( $post_id, $save_key, $_POST[ $save_key ] ?? '' );
update_post_meta( $post_id, $save_key, APOP_UI::input_post_filter( $save_key, 'str' ) );
}
}
}
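Review bot: The new `update_post_meta()` call stores whatever `APOP_UI::input_post_filter( $save_key, 'str' )` returns, and `filter_input()` yields `null` when the field is absent and `false` when the filter fails, so the `?? ''` fallback of the removed line is lost. `filter_input()` also reads the raw request rather than WordPress's slashed `$_POST`, while `update_post_meta()` unslashes the value it is given, so backslashes in a field would be dropped on save. Consider `update_post_meta( $post_id, $save_key, sanitize_text_field( wp_unslash( $_POST[ $save_key ] ?? '' ) ) );`. No nonce or capability check is visible in this hunk; the enclosing save method starts outside it, so confirm that one runs before this loop.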
+2 -2
@@ -433,10 +433,10 @@ value="meta_value_num"' . self::set_search_normal_checked( $value_type, 'meta_va
public static function input_post_filter( $var_name, $type ) {
if ( $type == 'array' ) {
return filter_input( INPUT_POST, $var_name, FILTER_DEFAULT, FILTER_REQUIRE_ARRAY );
return filter_input( INPUT_POST, $var_name, FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
}
if ( $type == 'str' ) {
return filter_input( INPUT_POST, $var_name );
return filter_input( INPUT_POST, $var_name, FILTER_SANITIZE_STRING );
}
}
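Review bot: `FILTER_SANITIZE_STRING`, used in both branches of `input_post_filter()`, is deprecated as of PHP 8.1, and it strips tags and HTML-encodes quotes, so entity-encoded text is what gets stored instead of the submitted value. WordPress's own helpers fit better, e.g. `sanitize_text_field( wp_unslash( $_POST[ $var_name ] ?? '' ) )` for `'str'` and `map_deep( wp_unslash( (array) ( $_POST[ $var_name ] ?? array() ) ), 'sanitize_text_field' )` for `'array'`, with escaping left to output time. The method also falls through without a return for any other `$type`, and the `==` comparisons could be `===`; an explicit `return null;` at the end would make that case visible. The hunk header counts ten lines per side but fewer are shown here, so some surrounding context may be missing from this view.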