Fixes #721 Replace usage of FILTER_SANITIZE_STRING #722

merged 7 commits into from
May 26, 2023
11 changes: 6 additions & 5 deletions classes/Bulk/Bulk.php
Expand Up @@ -413,13 +413,14 @@ public function can_optimize() {
*
* @since 1.9
*
* @param string $method The method used: 'GET' (default), or 'POST'.
* @param string $parameter The name of the parameter to look for.
* @param string $method The method used: 'GET' (default), or 'POST'.
* @param string $parameter The name of the parameter to look for.
*
* @return string
*/
public function get_context( $method = 'GET', $parameter = 'context' ) {
$method = 'POST' === $method ? INPUT_POST : INPUT_GET;
$context = filter_input( $method, $parameter, FILTER_SANITIZE_STRING );
$context = 'POST' === $method ? wp_unslash( $_POST[ $parameter ] ) : wp_unslash( $_GET[ $parameter ] ); //phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
$context = htmlspecialchars( $context );

return imagify_sanitize_context( $context );
}
Expand Down Expand Up @@ -557,7 +558,7 @@ public function bulk_info_seen_callback() {
public function bulk_get_stats_callback() {
imagify_check_nonce( 'imagify-bulk-optimize' );

$folder_types = filter_input( INPUT_GET, 'types', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
$folder_types = filter_input( INPUT_GET, 'types', FILTER_REQUIRE_ARRAY );
$folder_types = is_array( $folder_types ) ? array_filter( $folder_types, 'is_string' ) : [];

if ( ! $folder_types ) {
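Review bot: In bulk_get_stats_callback, `filter_input( INPUT_GET, 'types', FILTER_REQUIRE_ARRAY )` passes the flag in the third (`$filter`) position, where it is treated as a filter id rather than as the array requirement, so the flag is lost; it belongs in the fourth argument: `filter_input( INPUT_GET, 'types', FILTER_DEFAULT, FILTER_REQUIRE_ARRAY )`, with the existing `is_string` filter (or `sanitize_text_field` per element) still applied afterwards. The rewritten get_context in the first hunk reads `$_POST[ $parameter ]` / `$_GET[ $parameter ]` with no null-coalesce, so a request that omits the parameter now emits an undefined-array-key warning, and a request that submits it as an array (`context[]=x`) reaches `htmlspecialchars()` with an array and fails with a TypeError on PHP 8, whereas `filter_input()` returned null/false in both cases. A guard such as `$raw = 'POST' === $method ? ( $_POST[ $parameter ] ?? '' ) : ( $_GET[ $parameter ] ?? '' );` followed by `$context = is_string( $raw ) ? wp_unslash( $raw ) : '';` restores that behaviour before the `htmlspecialchars()` call. The same pattern appears in class-imagify-admin-ajax-post.php in get_context, get_folder_type, get_imagify_action and imagify_dismiss_ad_callback. bulk_get_stats_callback continues past the end of the hunk.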
24 changes: 13 additions & 11 deletions inc/classes/class-imagify-admin-ajax-post.php
Expand Up @@ -1148,7 +1148,7 @@ public function imagify_dismiss_ad_callback() {
imagify_die();
}

$notice = filter_input( INPUT_GET, 'ad', FILTER_SANITIZE_STRING );
$notice = htmlspecialchars( wp_unslash( $_GET['ad'] ) );

if ( ! $notice ) {
imagify_maybe_redirect();
Expand Down Expand Up @@ -1215,8 +1215,8 @@ public function get_optimization_level( $method = 'GET', $parameter = 'optimizat
* @return string
*/
public function get_context( $method = 'GET', $parameter = 'context' ) {
$method = 'POST' === $method ? INPUT_POST : INPUT_GET;
$context = filter_input( $method, $parameter, FILTER_SANITIZE_STRING );
$context = 'POST' === $method ? wp_unslash( $_POST[ $parameter ] ) : wp_unslash( $_GET[ $parameter ] ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
$context = htmlspecialchars( $context );

return imagify_sanitize_context( $context );
}
Expand Down Expand Up @@ -1246,28 +1246,30 @@ public function get_media_id( $method = 'GET', $parameter = 'attachment_id' ) {
*
* @since 1.9
*
* @param string $method The method used: 'GET' (default), or 'POST'.
* @param string $parameter The name of the parameter to look for.
* @param string $method The method used: 'GET' (default), or 'POST'.
* @param string $parameter The name of the parameter to look for.
*
* @return string
*/
public function get_folder_type( $method = 'GET', $parameter = 'folder_type' ) {
$method = 'POST' === $method ? INPUT_POST : INPUT_GET;
$folder_type = 'POST' === $method ? wp_unslash( $_POST[ $parameter ] ) : wp_unslash( $_GET[ $parameter ] ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended

return filter_input( $method, $parameter, FILTER_SANITIZE_STRING );
return htmlspecialchars( $folder_type );
}

/**
* Get the submitted imagify action.
*
* @since 1.9
*
* @param string $method The method used: 'GET' (default), or 'POST'.
* @param string $parameter The name of the parameter to look for.
* @param string $method The method used: 'GET' (default), or 'POST'.
* @param string $parameter The name of the parameter to look for.
*
* @return string
*/
public function get_imagify_action( $method = 'GET', $parameter = 'imagify_action' ) {
$method = 'POST' === $method ? INPUT_POST : INPUT_GET;
$action = filter_input( $method, $parameter, FILTER_SANITIZE_STRING );
$action = 'POST' === $method ? wp_unslash( $_POST[ $parameter ] ) : wp_unslash( $_GET[ $parameter ] ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
$action = htmlspecialchars( $action );

return $action ? $action : 'optimize';
}
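Review bot: get_folder_type and get_imagify_action now return `htmlspecialchars( ... )` of the raw request value, which is an HTML output-encoding step rather than an input sanitizer: the value presumably serves as an identifier (the `'optimize'` fallback in get_imagify_action suggests action names), and `htmlspecialchars()` leaves whitespace and control characters untouched while turning `&` into `&amp;` and `<` into `&lt;`, where the previous FILTER_SANITIZE_STRING stripped tags and left `&` alone. WordPress's `sanitize_key()` (for slug-like identifiers) or `sanitize_text_field()` is the conventional replacement, keeps the value comparable with the literals it is later matched against, and defers escaping to the point of output, e.g. `return sanitize_key( $folder_type );` and `$action = sanitize_key( $action );`. The `@return string` docblocks are unchanged, but these functions previously returned null when the parameter was absent and now yield an empty string (after an undefined-key warning); a line such as `@return string Empty string when the parameter is not present.` would document the new contract. imagify_dismiss_ad_callback in the first hunk starts and ends outside the hunk.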