
Changeset 2493496


Timestamp:
03/11/2021 05:41:01 PM (5 years ago)
Author:
freetobook
Message:

Sanitize input values

Location:
freetobook-review-widget
Files:
2 edited

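--- a/freetobook-review-widget/tags/1.1/freetobook-review-widget.php
+++ b/freetobook-review-widget/tags/1.1/freetobook-review-widget.php
@@ -101,5 +101,5 @@
                 <tr>
                     <td style="width:130px">Review Widget Key</td>
-                    <td><input type="text" size="20" name="ftb-review-widget-key" value="' . $this->widget_key . '" ></td>
+                    <td><input type="text" size="20" name="ftb-review-widget-key" value="' . esc_attr($this->widget_key) . '" ></td>
                 </tr>
 
@@ -133,5 +133,5 @@
 
            if (!empty($_POST['ftb-review-widget-key'])) {
-               $reviewWidgetKey = trim($_POST['ftb-review-widget-key']);
+               $reviewWidgetKey = sanitize_text_field($_POST['ftb-review-widget-key']);
                if (preg_match('/^[a-z0-9]+$/i', $reviewWidgetKey) === 1) {
                    check_admin_referer('freetobook_review_update', 'ftb_nonce');
@@ -253,5 +253,5 @@
             <br>
             <div style="text-align:center;width:220px;margin:0 auto;">
-            Width:<input readonly type="text" size="3" 
+            Width:<input readonly type="text" size="3"
                     id="ftb_review_width_<?php echo $this->number?>"
                     name="<?php echo $this->get_field_name( 'width' ) ?>"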
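Review bot: In the second hunk (new lines 134–137) `check_admin_referer('freetobook_review_update', 'ftb_nonce')` is reached only after `$_POST['ftb-review-widget-key']` has been read and has passed the allowlist regex, so the nonce guards one branch of the handler instead of its entry. Calling it before the `if (!empty($_POST['ftb-review-widget-key']))` test would put every path under the CSRF check, including whatever runs for an empty or rejected key, which is outside this hunk. The read should also unslash the value first, `sanitize_text_field(wp_unslash($_POST['ftb-review-widget-key']))`, as WordPress adds slashes to request data. A nonce does not authorise the user, and no `current_user_can()` call is visible in these lines, so confirm the enclosing method, which starts and ends outside the hunk, has one. The trunk copy of the file carries the identical hunk.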
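--- a/freetobook-review-widget/trunk/freetobook-review-widget.php
+++ b/freetobook-review-widget/trunk/freetobook-review-widget.php
@@ -101,5 +101,5 @@
                 <tr>
                     <td style="width:130px">Review Widget Key</td>
-                    <td><input type="text" size="20" name="ftb-review-widget-key" value="' . $this->widget_key . '" ></td>
+                    <td><input type="text" size="20" name="ftb-review-widget-key" value="' . esc_attr($this->widget_key) . '" ></td>
                 </tr>
 
@@ -133,5 +133,5 @@
 
            if (!empty($_POST['ftb-review-widget-key'])) {
-               $reviewWidgetKey = trim($_POST['ftb-review-widget-key']);
+               $reviewWidgetKey = sanitize_text_field($_POST['ftb-review-widget-key']);
                if (preg_match('/^[a-z0-9]+$/i', $reviewWidgetKey) === 1) {
                    check_admin_referer('freetobook_review_update', 'ftb_nonce');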
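Review bot: `sanitize_text_field()` rewrites the submitted key before the `/^[a-z0-9]+$/i` test in the second hunk (new lines 135–136), so the allowlist now checks a cleaned-up string rather than the value that was posted. The function strips tags and percent-encoded octets and collapses whitespace, so input that the earlier `trim()` version rejected can be reduced to a different string that passes and is then presumably stored as the key. The regex is the actual validation here; if silent normalisation is intended, say so with a comment such as `// sanitize_text_field() only normalises; the allowlist below is the real validation`, otherwise reject input whose sanitised form differs from what was submitted. The tags/1.1 copy has the same lines, and the enclosing method continues outside the hunk.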