Updates from wp review
BaronVonPerko committed May 28, 2020
1 parent 671559a commit 1053206
Showing 4 changed files with 6 additions and 5 deletions.
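--- a/inc/Forms/AdminPageForms.php
+++ b/inc/Forms/AdminPageForms.php
@@ -121,7 +121,8 @@ public static function ControlForm( $sectionKey ) {
 <form method="post" action="options.php" class="wpcui-control-form">
 <?= self::FormAction( $action ); ?>
 <input type="hidden" name="section" value="<?= $sectionKey ?>">
-<input type="hidden" name="old_control_id" value="<?= $_POST[AdminFormStatus::EditControl] ?>">
+<input type="hidden" name="old_control_id"
+value="<?= sanitize_text_field( $_POST[ AdminFormStatus::EditControl ] ) ?>">
 <?php
 settings_fields( 'wpcui' );
 do_settings_sections( 'wpcui-control' );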
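Review bot: The new `value="<?= sanitize_text_field( ... ) ?>"` still writes request data into an HTML attribute without output escaping; `sanitize_text_field()` strips tags and control whitespace but leaves double quotes intact, so the value is not confined to the attribute. Escape at the point of output and unslash before sanitizing: `value="<?= esc_attr( sanitize_text_field( wp_unslash( $_POST[ AdminFormStatus::EditControl ] ) ) ) ?>">`. The `$sectionKey` echoed into the `section` field two lines earlier looks like it needs `esc_attr()` as well, unless it is escaped before it reaches this method. The missing `wp_unslash()` also applies to the `$_POST` reads changed in AdminFormStatusService.php, AdminSanitizerService.php and AdminSettingsService.php. ControlForm starts and ends outside the hunk, so whether the key is checked with `isset()` first cannot be seen here.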
2 changes: 1 addition & 1 deletion inc/Services/AdminFormStatusService.php
@@ -45,7 +45,7 @@ public static function IsEditControl() {
*/
public static function IsEditControlForSection( $sectionId ) {
if ( isset( $_POST[ AdminFormStatus::EditControl ] ) ) {
$control = DataService::getControlById( $_POST[ AdminFormStatus::EditControl ] );
$control = DataService::getControlById( sanitize_text_field( $_POST[ AdminFormStatus::EditControl ] ) );

return $control['section'] == $sectionId;
}
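Review bot: `$control['section'] == $sectionId` is evaluated even when the lookup finds nothing, and the comparison is loose. If `DataService::getControlById()` can return null or an empty value for an unknown id (its body is not visible here), the index yields null and `null == $sectionId` is true for an empty or zero section id, so a stale or altered posted id could mark the wrong section as being edited. Guard the result and compare strictly, for example `return is_array( $control ) && (string) $control['section'] === (string) $sectionId;`. A short comment above the lookup stating that the posted id is untrusted and may not match any stored control would also help; the method continues past the end of the hunk.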
4 changes: 2 additions & 2 deletions inc/Services/AdminSanitizerService.php
@@ -23,7 +23,7 @@ public function sanitizeSettings( $input ): array {
$settings = DataService::getSettings();

if ( array_key_exists( 'wpcui_action', $_POST ) ) {
switch ( $_POST['wpcui_action'] ) {
switch ( sanitize_text_field( $_POST['wpcui_action'] ) ) {
case AdminPageFormActions::CreateNewSection:
$settings = $this->sanitizeNewSection( $input, $settings );
break;
@@ -161,7 +161,7 @@ private function sanitizeUpdateControl( $input, $settings ) {
return $settings;
}

$oldControlId = $_POST['old_control_id'];
$oldControlId = sanitize_text_field( $_POST['old_control_id'] );

foreach ( $settings['sections'] as $sectionKey => $section ) {
foreach ( $section['controls'] as $control ) {
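Review bot: `$_POST['old_control_id']` in `sanitizeUpdateControl` is read without a presence check, unlike `wpcui_action` in the first hunk, which is tested with `array_key_exists()` before use. If `sanitizeSettings` is registered as the option's sanitize callback, it can run for requests that did not come from the control form, so a missing key would raise a notice and pass null into `sanitize_text_field()`. Consider `$oldControlId = isset( $_POST['old_control_id'] ) ? sanitize_text_field( wp_unslash( $_POST['old_control_id'] ) ) : '';` followed by an early `return $settings;` when it is empty. The guard that ends just above this line starts outside the hunk, so it may already cover part of this.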
2 changes: 1 addition & 1 deletion inc/Services/AdminSettingsService.php
@@ -68,7 +68,7 @@ private function addControlSettings() {
$existingControl = null;
if ( AdminFormStatusService::IsEditControl() ) {
$title = 'Edit Control';
$existingControl = DataService::getControlById( esc_attr( $_POST[AdminFormStatus::EditControl] ) );
$existingControl = DataService::getControlById( sanitize_text_field( $_POST[ AdminFormStatus::EditControl ] ) );
}

add_settings_section(
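Review bot: The expression `sanitize_text_field( $_POST[ AdminFormStatus::EditControl ] )` is now repeated here, in AdminPageForms.php and in AdminFormStatusService.php, which makes it easy for the three reads to drift apart. `AdminFormStatusService::IsEditControl()` appears to own the presence check already, so a small accessor next to it that returns the unslashed, sanitized id (or null when absent) would keep the input-handling policy in one place. Whichever form is kept, a one-line comment such as `// Lookup key only; escape separately wherever it is echoed.` would record why `esc_attr()` was dropped from this call. addControlSettings continues beyond the hunk.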
