Add sanitize calls to the code
-
Hi,
Could you add some sanitize calls to your code when you add data to the database.
https://codex.ww.wp.xz.cn/Validating_Sanitizing_and_Escaping_User_Data
/** * Check option as default. * * @return void. */ public function check() { // If valid ajax request. if ( static::is_valid_ajax() ) { /** @var Es_Settings_Container $es_settings */ global $es_settings; $es_settings->saveOne( $_POST['container'], $_POST['id'] ); $response = array( 'message' => __( 'Item has been selected.', 'es-plugin' ), 'status' => 'success' ); } else { $response = array( 'message' => __( 'Invalid ajax request.', 'es-plugin' ), 'status' => 'error' ); } wp_die( json_encode( $response ) ); }And:
public static function remove() { // If valid ajax request. if ( static::is_valid_ajax() && $_POST['action'] ) { // Get available values. $values = Es_Settings_Container::get_setting_values( $_POST['container'] ); // Remove item using ID and storage. if ( ! empty( $values ) ) { $values = get_option( $_POST['storage'], array() ); unset( $values[ $_POST['id'] ] ); update_option( $_POST['storage'], $values ); $response = array( 'message' => __( 'Item is successfully deleted.', 'es-plugin' ), 'status' => 'success' ); } else { $response = array( 'message' => __( 'Nothing for delete.', 'es-plugin' ), 'status' => 'warning' ); } } else { $response = array( 'message' => __( 'Invalid ajax request.', 'es-plugin' ), 'status' => 'error' ); } wp_die( json_encode( $response ) ); }Never trust user input.
Thank you.
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
The topic ‘Add sanitize calls to the code’ is closed to new replies.
