Replaced the deprecated FILTER_SANITIZE_STRING with sanitize_text_field #388

Merged
1,633 changes: 707 additions & 926 deletions composer.lock


10 changes: 7 additions & 3 deletions includes/actions.php
Expand Up @@ -385,8 +385,11 @@ function wpum_complete_setup() {
function wpum_prevent_wp_login() {
global $pagenow;

$action = filter_input( INPUT_GET, 'action', FILTER_SANITIZE_STRING );
$wpum_override = filter_input( INPUT_GET, 'wpum_override' );
$action = filter_input( INPUT_GET, 'action', FILTER_UNSAFE_RAW );
$action = sanitize_text_field( $action );

$wpum_override = filter_input( INPUT_GET, 'wpum_override', FILTER_UNSAFE_RAW );
$wpum_override = sanitize_text_field( $wpum_override );

if ( $pagenow && 'wp-login.php' === $pagenow && ! $wpum_override && ( ! $action || ( ! in_array( $action, array( 'logout', 'lostpassword', 'rp', 'resetpass', 'postpass' ), true ) ) ) ) {
$page = wp_login_url();
Expand Down Expand Up @@ -963,7 +966,8 @@ function validate_user_meta_key() {


add_action( 'the_content', function( $content ) {
$registration = filter_input( INPUT_GET, 'registration', FILTER_SANITIZE_STRING );
$registration = filter_input( INPUT_GET, 'registration', FILTER_UNSAFE_RAW );
$registration = sanitize_text_field( $registration );
if ( empty( $registration ) || 'success' !== $registration ) {
return $content;
}
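Review bot: `sanitize_text_field()` is not a like-for-like replacement for `FILTER_SANITIZE_STRING` on the new `$action` and `$wpum_override` lines: the old filter HTML-encoded quotes, whereas the new one strips tags, line breaks, `%xx` sequences and surrounding whitespace but leaves quotes in place, so any of these values that later reaches HTML output must be escaped there with `esc_attr()`/`esc_html()`. Inside this hunk that is harmless, since `$action` is checked against a fixed allowlist and `$wpum_override` only for truthiness, but the same caveat applies to every file in this PR. The read-then-sanitize pair now recurs at dozens of call sites; a helper such as `function wpum_get_sanitized_input( $type, $name ) { return sanitize_text_field( (string) filter_input( $type, $name, FILTER_UNSAFE_RAW ) ); }` would make the `null` (missing parameter) and `false` (array-valued parameter) results of `filter_input()` explicit in one place. wpum_prevent_wp_login continues outside the first hunk, and the `the_content` closure in the second hunk ends outside it as well.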
3 changes: 2 additions & 1 deletion includes/admin/class-wpum-permalinks-settings.php
Expand Up @@ -119,7 +119,8 @@ public function save_structure() {
}

// Check that the saved permalink method is one of the registered structures.
$user_permalink = filter_input( INPUT_POST, 'user_permalink', FILTER_SANITIZE_STRING );
$user_permalink = filter_input( INPUT_POST, 'user_permalink', FILTER_UNSAFE_RAW );
$user_permalink = sanitize_text_field( $user_permalink );
if ( array_key_exists( $user_permalink, wpum_get_permalink_structures() ) ) {
$user_permalink = sanitize_text_field( $user_permalink );
update_option( 'wpum_permalink', $user_permalink );
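Review bot: `$user_permalink` is sanitized twice — on the new line directly after `filter_input()` and again on the unchanged line inside the `if`, `$user_permalink = sanitize_text_field( $user_permalink );` — so the second call is now a no-op and should be dropped so a reader does not look for a reason it exists. The `array_key_exists()` allowlist check against `wpum_get_permalink_structures()` is the control that matters here, and it remains in place. save_structure starts and ends outside the hunk.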
3 changes: 2 additions & 1 deletion includes/admin/class-wpum-plugin-updates.php
Expand Up @@ -652,7 +652,8 @@ public function migrate_directories() {
* @return void
*/
public function upgrade() {
$update_version = filter_input( INPUT_GET, 'wpum-plugin-updates', FILTER_SANITIZE_STRING );
$update_version = filter_input( INPUT_GET, 'wpum-plugin-updates', FILTER_UNSAFE_RAW );
$update_version = sanitize_text_field( $update_version );

if ( 'v202' === $update_version && current_user_can( 'manage_options' ) && ! get_option( 'v202_upgrade' ) ) {

3 changes: 2 additions & 1 deletion includes/class-wp-user-manager.php
Expand Up @@ -386,7 +386,8 @@ private function includes() {

require_once WPUM_PLUGIN_DIR . 'includes/install.php';

$email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_SANITIZE_STRING );
$email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_UNSAFE_RAW );
$email_customizer = sanitize_text_field( $email_customizer );
if ( defined( 'DOING_AJAX' ) || 'true' === $email_customizer ) {
require_once WPUM_PLUGIN_DIR . 'includes/emails/class-wpum-emails-customizer-scripts.php';
require_once WPUM_PLUGIN_DIR . 'includes/emails/class-wpum-emails-customizer.php';
3 changes: 2 additions & 1 deletion includes/emails/class-wpum-emails-customizer-scripts.php
Expand Up @@ -57,7 +57,8 @@ public function customize_preview() {
* @return void
*/
public function customize_controls() {
$selected_email_id = filter_input( INPUT_GET, 'email', FILTER_SANITIZE_STRING );
$selected_email_id = filter_input( INPUT_GET, 'email', FILTER_UNSAFE_RAW );
$selected_email_id = sanitize_text_field( $selected_email_id );

wp_enqueue_editor();
wp_enqueue_script( 'wpum-email-customize-controls', WPUM_PLUGIN_URL . 'assets/js/admin/admin-email-customizer-controls.min.js', array( 'customize-controls' ), WPUM_VERSION, true );
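Review bot: `$selected_email_id` is read from the `email` query string and, judging by the method name, is presumably handed to the customizer scripts further down, outside the hunk; because `sanitize_text_field()` no longer encodes quotes the way `FILTER_SANITIZE_STRING` did, that hand-off should go through `wp_localize_script()`/`wp_json_encode()` or `esc_attr()` rather than string concatenation. A one-line comment on the new line, `// sanitize_text_field() keeps quotes; escape at the output point.`, would record that for the next reader. customize_controls continues outside the hunk.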
18 changes: 11 additions & 7 deletions includes/emails/class-wpum-emails-customizer.php
Expand Up @@ -80,7 +80,8 @@ private function includes() {
* @return bool
*/
public function remove_sections( $active, $section ) {
$wpum_email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_SANITIZE_STRING );
$wpum_email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_UNSAFE_RAW );
$wpum_email_customizer = sanitize_text_field( $wpum_email_customizer );

// Bail if not our customizer.
if ( empty( $wpum_email_customizer ) ) {
Expand Down Expand Up @@ -112,7 +113,8 @@ public function remove_sections( $active, $section ) {
* @return bool
*/
public function remove_panels( $active, $panel ) {
$wpum_email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_SANITIZE_STRING );
$wpum_email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_UNSAFE_RAW );
$wpum_email_customizer = sanitize_text_field( $wpum_email_customizer );

if ( empty( $wpum_email_customizer ) ) {
return true;
Expand All @@ -124,7 +126,10 @@ public function remove_panels( $active, $panel ) {
foreach ( wpum_get_registered_emails() as $email_id => $registered_email ) {
$panels[] = $email_id;
}
if ( in_array( $panel->id, $panels, true ) && filter_input( INPUT_GET, 'email', FILTER_SANITIZE_STRING ) === $panel->id ) {

$email_id = filter_input( INPUT_GET, 'email', FILTER_UNSAFE_RAW );
$email_id = sanitize_text_field( $email_id );
if ( in_array( $panel->id, $panels, true ) && $email_id === $panel->id ) {
return true;
}
return false;
Expand Down Expand Up @@ -283,11 +288,10 @@ private function get_default( $email_id, $field = false ) {
* @return void
*/
public function customizer_setup_preview() {
$email = filter_input( INPUT_GET, 'email', FILTER_SANITIZE_STRING );

if ( is_customize_preview() && $email ) {
$email_id = filter_input( INPUT_GET, 'email', FILTER_UNSAFE_RAW );
$email_id = sanitize_text_field( $email_id );

$email_id = sanitize_text_field( $email );
if ( is_customize_preview() && $email_id ) {

WPUM()->templates
->set_template_data( array(
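Review bot: The `email` query parameter is now read and sanitized in two separate places in this file, remove_panels (third hunk) and customizer_setup_preview (fourth hunk), with a third copy in includes/emails/class-wpum-emails-customizer-scripts.php; a private `get_requested_email_id()` returning `sanitize_text_field( (string) filter_input( INPUT_GET, 'email', FILTER_UNSAFE_RAW ) )` would keep the copies from drifting. The strict `$email_id === $panel->id` comparison in remove_panels is the right choice and should survive any such refactor. All four enclosing methods continue outside their hunks.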
10 changes: 7 additions & 3 deletions includes/emails/class-wpum-emails-list.php
Expand Up @@ -57,7 +57,8 @@ public function setup_menu_page() {
* @return void
*/
public function load_scripts() {
$page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING );
$page = filter_input( INPUT_GET, 'page', FILTER_UNSAFE_RAW );
$page = sanitize_text_field( $page );

if ( 'wpum-emails' === $page ) {

Expand Down Expand Up @@ -155,8 +156,11 @@ public function wpum_enabled_email() {

check_ajax_referer( 'wpum_test_email', 'nonce' );

$enabled = filter_input( INPUT_POST, 'enabled', FILTER_SANITIZE_STRING );
$key = filter_input( INPUT_POST, 'key', FILTER_SANITIZE_STRING );
$enabled = filter_input( INPUT_POST, 'enabled', FILTER_UNSAFE_RAW );
$enabled = sanitize_text_field( $enabled );

$key = filter_input( INPUT_POST, 'key', FILTER_UNSAFE_RAW );
$key = sanitize_text_field( $key );

if ( ! empty( $key ) && current_user_can( apply_filters( 'wpum_admin_pages_capability', 'manage_options' ) ) && is_admin() ) {
$emails = wpum_get_emails();
3 changes: 2 additions & 1 deletion includes/fields/types/class-wpum-field-userrole.php
Expand Up @@ -49,7 +49,8 @@ public function get_posted_field( $key, $field ) {
return isset( $_POST[ $key ] ) ? array_map( 'sanitize_text_field', $_POST[ $key ] ) : array(); // phpcs:ignore
}

return filter_input( INPUT_POST, $key, FILTER_SANITIZE_STRING );
$field_value = filter_input( INPUT_POST, $key, FILTER_UNSAFE_RAW );
return sanitize_text_field( $field_value );
}

/**
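Review bot: get_posted_field's scalar branch now returns whatever `sanitize_text_field()` makes of the `null` that `filter_input()` yields for a missing key — presumably the empty string, since WordPress casts the input to string, but confirm for the minimum supported version — where it previously returned `null`, so a caller distinguishing absent from empty would see a behaviour change; either preserve it with `if ( null === $field_value ) { return null; }` before the return, or update the method's docblock (outside the hunk) to state the new return type. The array branch on the unchanged line above reads `$_POST` directly while the scalar branch goes through `filter_input()`; reading both via `filter_input( INPUT_POST, $key, FILTER_UNSAFE_RAW, FILTER_REQUIRE_ARRAY )` would make the two paths consistent. The method's signature is outside the hunk.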
7 changes: 4 additions & 3 deletions includes/forms/class-wpum-form-password-recovery.php
Expand Up @@ -313,7 +313,8 @@ public function reset() {
$this->init_fields();

$cookie_key = self::get_cookie();
$cookie = filter_input( INPUT_COOKIE, $cookie_key, FILTER_SANITIZE_STRING );
$cookie = filter_input( INPUT_COOKIE, $cookie_key, FILTER_UNSAFE_RAW );
$cookie = sanitize_text_field( $cookie );

if ( $cookie && 0 < strpos( $cookie, ':' ) ) {
list( $rp_login, $verification_key ) = explode( ':', wp_unslash( $cookie ), 2 );
Expand Down Expand Up @@ -421,8 +422,8 @@ public function reset_handler() {
$password_2 = $values['password']['password_2'];

$cookie_key = self::get_cookie();
$cookie = filter_input( INPUT_COOKIE, $cookie_key, FILTER_SANITIZE_STRING );

$cookie = filter_input( INPUT_COOKIE, $cookie_key, FILTER_UNSAFE_RAW );
$cookie = sanitize_text_field( $cookie );
if ( $cookie && 0 < strpos( $cookie, ':' ) ) {
list( $rp_login, $verification_key ) = explode( ':', wp_unslash( $cookie ), 2 );

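Review bot: The cookie parsing now appears with identical lines in both reset() (first hunk) and reset_handler() (second hunk); a private `parse_reset_cookie()` returning `[ $rp_login, $verification_key ]` or `null` would keep the read, `sanitize_text_field()`, `wp_unslash()` and `explode()` steps in one place. Note that `sanitize_text_field()` strips `%xx` sequences and line breaks before the `login:key` split, so the login half must never contain them; the key half is presumably a plain alphanumeric reset key and is unaffected. A comment on the new line, `// sanitize_text_field() strips %xx sequences; user_login is expected to be sanitize_user()-clean.`, would record that assumption. Both methods continue outside their hunks.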
4 changes: 2 additions & 2 deletions includes/forms/class-wpum-form-password.php
Expand Up @@ -244,8 +244,8 @@ public function submit_handler() {

$active_tab = get_query_var( 'tab' );
if ( empty( $active_tab ) ) {
$tab = filter_input( INPUT_GET, 'tab', FILTER_SANITIZE_STRING );

$tab = filter_input( INPUT_GET, 'tab', FILTER_UNSAFE_RAW );
$tab = sanitize_text_field( $tab );
$active_tab = $tab ? $tab : 'password';
}
$redirect = get_permalink();
2 changes: 1 addition & 1 deletion includes/forms/class-wpum-registration-forms-editor.php
Expand Up @@ -236,7 +236,7 @@ public function update_form() {
}

$form_id = filter_input( INPUT_POST, 'form_id', FILTER_VALIDATE_INT );
$form_name = filter_input( INPUT_POST, 'form_name', FILTER_SANITIZE_STRING );
$form_name = filter_input( INPUT_POST, 'form_name', FILTER_UNSAFE_RAW );
$form_name = $form_name ? sanitize_text_field( $form_name ) : false;

if ( $form_id && $form_name ) {
12 changes: 9 additions & 3 deletions includes/integrations/elementor/class-wpum-elementor-loader.php
Expand Up @@ -41,9 +41,15 @@ public function init() {
add_filter( 'elementor/widget/render_content', array( $this, 'wpum_restrict_widget_content' ), 10, 2 );

add_filter( 'wpum_shortcode_logged_in_override', function ( $override ) {
$post = filter_input( INPUT_GET, 'post', FILTER_SANITIZE_STRING );
$elementor1 = filter_input( INPUT_GET, 'elementor', FILTER_SANITIZE_STRING );
$elementor2 = 'elementor' === filter_input( INPUT_GET, 'action', FILTER_SANITIZE_STRING );
$post = filter_input( INPUT_GET, 'post', FILTER_UNSAFE_RAW );
$post = sanitize_text_field( $post );

$elementor1 = filter_input( INPUT_GET, 'elementor', FILTER_UNSAFE_RAW );
$elementor1 = sanitize_text_field( $elementor1 );

$action = filter_input( INPUT_GET, 'action', FILTER_UNSAFE_RAW );
$action = sanitize_text_field( $action );
$elementor2 = 'elementor' === $action;

if ( ! empty( $post ) && ( ! empty( $elementor1 ) || $elementor2 ) ) {
return true;
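Review bot: The override returned by the `wpum_shortcode_logged_in_override` closure is decided solely by the `post`, `elementor` and `action` query parameters, with no capability or editor-context check visible in the hunk; if this filter bypasses restricted-content rendering on the front end, confirm that something outside the hunk (for example `current_user_can( 'edit_post', (int) $post )` or Elementor's own editor-mode check) gates it, and otherwise add that check before `return true;`. Sanitizing `$post` with `sanitize_text_field()` is adequate for the emptiness test, but since it is a post ID, `FILTER_VALIDATE_INT` (already used in this PR for `form_id`) would be the more precise filter. The closure ends outside the hunk.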
12 changes: 8 additions & 4 deletions includes/integrations/stripe/Account.php
Expand Up @@ -254,7 +254,8 @@ public function handle_download_invoice() {
* @throws \Stripe\Exception\ApiErrorException
*/
public function handle_manage_billing() {
$nonce = filter_input( INPUT_POST, 'nonce', FILTER_SANITIZE_STRING );
$nonce = filter_input( INPUT_POST, 'nonce', FILTER_UNSAFE_RAW );
$nonce = sanitize_text_field( $nonce );

if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'wpum-stripe-manage-billing' ) ) {
wp_send_json_error( __( 'Unknown Error', 'wp-user-manager' ) );
Expand All @@ -279,13 +280,15 @@ public function handle_manage_billing() {
* Handle checkout
*/
public function handle_checkout() {
$plan_id = filter_input( INPUT_POST, 'plan', FILTER_SANITIZE_STRING );
$plan_id = filter_input( INPUT_POST, 'plan', FILTER_UNSAFE_RAW );
$plan_id = sanitize_text_field( $plan_id );

if ( empty( $plan_id ) ) {
wp_send_json_error( __( 'Unknown plan', 'wp-user-manager' ) );
}

$nonce = filter_input( INPUT_POST, 'nonce', FILTER_SANITIZE_STRING );
$nonce = filter_input( INPUT_POST, 'nonce', FILTER_UNSAFE_RAW );
$nonce = sanitize_text_field( $nonce );

if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'wpum-stripe-plan-' . $plan_id ) ) {
wp_send_json_error( __( 'Unknown Error', 'wp-user-manager' ) );
Expand Down Expand Up @@ -339,7 +342,8 @@ public function get_redirect_after_account_payment( $plan_id, $form = false ) {
* Render payment message
*/
public function render_payment_message() {
$payment = filter_input( INPUT_GET, 'payment', FILTER_SANITIZE_STRING );
$payment = filter_input( INPUT_GET, 'payment', FILTER_UNSAFE_RAW );
$payment = sanitize_text_field( $payment );
if ( 'success' !== $payment ) {
return;
}
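Review bot: render_payment_message keys its output solely on the `payment=success` query parameter, so the new sanitized value is fine for choosing a message but must not be treated as proof of payment; confirm that the remainder of the method (outside the hunk) only renders and that order state is updated from the Stripe side. The nonce reads in handle_manage_billing and handle_checkout are verified with `wp_verify_nonce()` before anything else happens, and the `'wpum-stripe-plan-' . $plan_id` action string binds the nonce to the sanitized plan id, which is the right shape. All three methods continue outside their hunks.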
9 changes: 6 additions & 3 deletions includes/integrations/stripe/Connect.php
Expand Up @@ -162,17 +162,20 @@ public function disconnect_url( $mode ) {
* Complete connection
*/
public function complete() {
$page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING );
$page = filter_input( INPUT_GET, 'page', FILTER_UNSAFE_RAW );
$page = sanitize_text_field( $page );
if ( empty( $page ) || 'wpum-settings' !== $page ) {
return;
}

$action = filter_input( INPUT_GET, 'action', FILTER_SANITIZE_STRING );
$action = filter_input( INPUT_GET, 'action', FILTER_UNSAFE_RAW );
$action = sanitize_text_field( $action );
if ( empty( $action ) || 'stripe_connect' !== $action ) {
return;
}

$state = filter_input( INPUT_GET, 'state', FILTER_SANITIZE_STRING );
$state = filter_input( INPUT_GET, 'state', FILTER_UNSAFE_RAW );
$state = sanitize_text_field( $state );
if ( empty( $state ) ) {
return;
}
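Review bot: `$state` is the round-trip token of the connect flow and the hunk only checks it for emptiness; the comparison against the stored value is presumably further down in complete(), outside the hunk, and should use `hash_equals()` rather than `===` to avoid a timing side channel. `sanitize_text_field()` alters a token containing `%xx` sequences or whitespace, so if the stored state is generated by this plugin, keep it to URL-safe characters or compare the raw value. complete() continues outside the hunk.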
21 changes: 13 additions & 8 deletions includes/integrations/stripe/Settings.php
Expand Up @@ -356,17 +356,18 @@ public function stripe_connect_account_info_ajax_response() {
return wp_send_json_error( $unknown_error );
}

$nonce = filter_input( INPUT_POST, 'nonce', FILTER_SANITIZE_STRING );
$nonce = filter_input( INPUT_POST, 'nonce', FILTER_UNSAFE_RAW );
$nonce = sanitize_text_field( $nonce );

// Nonce validation, show error on fail.
if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'wpum-stripe-connect-account-information' ) ) {
return wp_send_json_error( $unknown_error );
}

$account_id = filter_input( INPUT_POST, 'account_id', FILTER_SANITIZE_STRING );
$account_id = $account_id ? sanitize_text_field( $account_id ) : '';
$account_id = filter_input( INPUT_POST, 'account_id', FILTER_UNSAFE_RAW );
$account_id = sanitize_text_field( $account_id );

$gateway_mode = filter_input( INPUT_POST, 'gateway_mode', FILTER_SANITIZE_STRING );
$gateway_mode = filter_input( INPUT_POST, 'gateway_mode', FILTER_UNSAFE_RAW );
$mode = $gateway_mode ? sanitize_text_field( $gateway_mode ) : 'test';

// Provides general reconnect and disconnect action URLs.
Expand Down Expand Up @@ -540,7 +541,8 @@ public function stripe_connect_account_info_ajax_response() {
* @return bool|void
*/
public function handle_stripe_connect_disconnect() {
$page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING );
$page = filter_input( INPUT_GET, 'page', FILTER_UNSAFE_RAW );
$page = sanitize_text_field( $page );
if ( empty( $page ) ) {
return;
}
Expand All @@ -549,12 +551,14 @@ public function handle_stripe_connect_disconnect() {
return;
}

$disconnect = filter_input( INPUT_GET, 'disconnect', FILTER_SANITIZE_STRING );
$disconnect = filter_input( INPUT_GET, 'disconnect', FILTER_UNSAFE_RAW );
$disconnect = sanitize_text_field( $disconnect );
if ( empty( $disconnect ) ) {
return;
}

$mode = filter_input( INPUT_GET, 'mode', FILTER_SANITIZE_STRING );
$mode = filter_input( INPUT_GET, 'mode', FILTER_UNSAFE_RAW );
$mode = sanitize_text_field( $mode );
if ( empty( $mode ) ) {
return;
}
Expand All @@ -564,7 +568,8 @@ public function handle_stripe_connect_disconnect() {
return;
}

$nonce = filter_input( INPUT_GET, '_wpnonce', FILTER_SANITIZE_STRING );
$nonce = filter_input( INPUT_GET, '_wpnonce', FILTER_UNSAFE_RAW );
$nonce = sanitize_text_field( $nonce );
if ( empty( $nonce ) ) {
return;
}
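Review bot: `$account_id` now goes straight through `sanitize_text_field()` while `$gateway_mode` two lines below keeps the `$x ? sanitize_text_field( $x ) : 'test'` shape, and the same mixed form survives in includes/forms/class-wpum-registration-forms-editor.php; the call sites should settle on one shape. Because `filter_input()` yields `null` for an absent field, `$account_id = sanitize_text_field( (string) filter_input( INPUT_POST, 'account_id', FILTER_UNSAFE_RAW ) );` makes the empty-string fallback explicit instead of relying on how `sanitize_text_field()` treats `null`. In handle_stripe_connect_disconnect the `_wpnonce` value is only tested for emptiness within the hunk; the `wp_verify_nonce()` call is presumably further down, outside the hunk. Both methods continue outside their hunks.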
15 changes: 9 additions & 6 deletions includes/roles/class-wpum-roles-editor.php
Expand Up @@ -337,8 +337,11 @@ public function update_role() {
wp_die( esc_html__( 'Something went wrong: could not update the role details.', 'wp-user-manager' ), 403 );
}

$role_id = filter_input( INPUT_POST, 'role_id', FILTER_SANITIZE_STRING );
$role_name = filter_input( INPUT_POST, 'role_name', FILTER_SANITIZE_STRING );
$role_id = filter_input( INPUT_POST, 'role_id', FILTER_UNSAFE_RAW );
$role_id = sanitize_text_field( $role_id );

$role_name = filter_input( INPUT_POST, 'role_name', FILTER_UNSAFE_RAW );
$role_name = sanitize_text_field( $role_name );

if ( $role_id && $role_name ) {

Expand All @@ -362,9 +365,8 @@ public function update_role() {
public function delete_role() {
check_ajax_referer( 'wpum_delete_role', 'nonce' );

$role_id = filter_input( INPUT_POST, 'role_id', FILTER_SANITIZE_STRING );
$role_id = filter_input( INPUT_POST, 'role_id', FILTER_UNSAFE_RAW );
$role_id = sanitize_text_field( $role_id );

if ( ! current_user_can( 'manage_options' ) || ! current_user_can( 'delete_roles' ) || empty( $role_id ) ) {
wp_die( esc_html__( 'Something went wrong: could not delete the role.', 'wp-user-manager' ), 403 );
}
Expand Down Expand Up @@ -409,7 +411,7 @@ public function create_role() {
wp_die( esc_html__( 'Something went wrong: could not create new role.', 'wp-user-manager' ), 403 );
}

$role_name = filter_input( INPUT_POST, 'role_name', FILTER_SANITIZE_STRING );
$role_name = filter_input( INPUT_POST, 'role_name', FILTER_UNSAFE_RAW );
$role_name = sanitize_text_field( $role_name );

if ( $role_name ) {
Expand All @@ -420,7 +422,8 @@ public function create_role() {
'label' => $role_name,
);

$orig_role_id = filter_input( INPUT_POST, 'orig_role_id', FILTER_SANITIZE_STRING );
$orig_role_id = filter_input( INPUT_POST, 'orig_role_id', FILTER_UNSAFE_RAW );
$orig_role_id = sanitize_text_field( $orig_role_id );

if ( $orig_role_id ) {
$orig_role = wpum_get_role( $orig_role_id );
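Review bot: `$role_id` and `$orig_role_id` are role slugs used to look up and modify roles (`wpum_get_role( $orig_role_id )` on the unchanged line below), so `sanitize_key()` — lowercase alphanumerics, dashes and underscores — is the tighter WordPress sanitizer for them; `sanitize_text_field()` still admits spaces and quotes that cannot form a valid role key. `$role_name` is a display label, for which `sanitize_text_field()` is right, but it is stored as `'label' => $role_name` on an unchanged line and must still be escaped with `esc_html()` wherever that label is rendered. update_role, delete_role and create_role all continue outside their hunks.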