- sanitizing variables in wp-admin classes;

nikitasinelnikov
2020-02-28 15:51:45 +02:00
parent e0e6030b46
commit 0aab9853d9
14 changed files with 1045 additions and 992 deletions
+6 -8
@@ -284,11 +284,9 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
wp_send_json_error( __( 'Please login as administrator', 'ultimate-member' ) );
}
extract( $_POST );
ob_start();
$this->form_id = $_POST['form_id'];
$this->form_id = absint( $_POST['form_id'] );
$this->show_builder();
@@ -609,10 +607,10 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
$output['error'] = null;
$array = array(
'field_type' => $_POST['_type'],
'form_id' => $_POST['post_id'],
'args' => UM()->builtin()->get_core_field_attrs( $_POST['_type'] ),
'post' => $_POST
'field_type' => sanitize_key( $_POST['_type'] ),
'form_id' => absint( $_POST['post_id'] ),
'args' => UM()->builtin()->get_core_field_attrs( sanitize_key( $_POST['_type'] ) ),
'post' => $_POST
);
/**
@@ -1173,7 +1171,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Builder' ) ) {
$arr_options = array();
$um_callback_func = $_POST['um_option_callback'];
$um_callback_func = sanitize_key( $_POST['um_option_callback'] );
if ( empty( $um_callback_func ) ) {
$arr_options['status'] = 'empty';
$arr_options['function_name'] = $um_callback_func;
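Review bot: In the last hunk, `sanitize_key( $_POST['um_option_callback'] )` only normalises the string to lowercase letters, digits, `_` and `-`; it does not restrict which function the request can name, and because PHP function names are case-insensitive, any global function whose name fits that character set still passes. The variable name and the `function_name` key suggest the value is later invoked as a callback, but the call itself is outside the hunk, so this needs confirming against the rest of the method. If it is invoked, compare the value with an explicit allowlist before use, e.g. `if ( ! in_array( $um_callback_func, $allowed_callbacks, true ) ) { wp_send_json_error( __( 'Invalid callback', 'ultimate-member' ) ); }`, where `$allowed_callbacks` is a placeholder for a list the plugin would define. Also note that `sanitize_key()` strips `\` and `:`, so a namespaced or static-method callback that was accepted before this commit would be silently renamed rather than rejected.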