From 909968df97aa80cbc78fa8842b469a3359d1f5cc Mon Sep 17 00:00:00 2001 From: ashubawork Date: Thu, 20 Jul 2023 16:31:12 +0300 Subject: [PATCH 1/2] - fix sanitize directory name --- includes/admin/core/class-admin-metabox.php | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index 41bd7ebe..0c3ea133 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php @@ -1069,17 +1069,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { * @param $post_id * @param $post */ - function save_metabox_directory( $post_id, $post ) { + public function save_metabox_directory( $post_id, $post ) { global $wpdb; // validate nonce if ( ! isset( $_POST['um_admin_save_metabox_directory_nonce'] ) || - ! wp_verify_nonce( $_POST['um_admin_save_metabox_directory_nonce'], basename( __FILE__ ) ) ) { + ! wp_verify_nonce( $_POST['um_admin_save_metabox_directory_nonce'], basename( __FILE__ ) ) ) { return; } // validate post type - if ( $post->post_type != 'um_directory' ) { + if ( 'um_directory' !== $post->post_type ) { return; } @@ -1096,8 +1096,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { $_POST['post_title'] = sprintf( __( 'Directory #%s', 'ultimate-member' ), $post_id ); } - $wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( $_POST['post_title'] ) ), $where ); - do_action( 'um_before_member_directory_save', $post_id ); // save 
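Review bot: The nonce test at the top of `save_metabox_directory()` is the only gate visible before the handler acts on `$_POST`, and a nonce shows intent, not permission. Unless a capability check sits in the lines between this hunk and the next one, add `if ( ! current_user_can( 'edit_post', $post_id ) ) { return; }` after the post-type check. The re-indented `wp_verify_nonce()` line also still receives the raw superglobal; `sanitize_key( wp_unslash( $_POST['um_admin_save_metabox_directory_nonce'] ) )` is the usual form. The function body continues outside the hunk.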
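Review bot: With the `$wpdb->update()` call removed, the fallback `$_POST['post_title'] = sprintf( __( 'Directory #%s', 'ultimate-member' ), $post_id );` just above it no longer appears to be stored anywhere, so a directory saved with an empty title would presumably stay untitled. The `Form #%s` hunk in PATCH 2/2 has the same shape. Dropping the unconditional write is sound in itself: if this handler runs on `save_post`, as its signature suggests, core has already stored the title, and the direct write did not refresh the post cache. If the default title is still wanted, keep the write inside the empty-title branch only, e.g. `$wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( $_POST['post_title'] ) ), $where ); clean_post_cache( $post_id );`. `$where` is set outside the visible lines and, like `global $wpdb`, looks unused after this change, so remove both if nothing else reads them.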
@@ -1119,17 +1117,17 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { $metadata = UM()->admin()->sanitize_member_directory_meta( $_POST['um_metadata'] ); foreach ( $metadata as $k => $v ) { - if ( $k == '_um_show_these_users' && trim( $v ) ) { + if ( '_um_show_these_users' === $k && trim( $v ) ) { $v = preg_split( '/[\r\n]+/', $v, -1, PREG_SPLIT_NO_EMPTY ); } - if ( $k == '_um_exclude_these_users' && trim( $v ) ) { + if ( '_um_exclude_these_users' === $k && trim( $v ) ) { $v = preg_split( '/[\r\n]+/', $v, -1, PREG_SPLIT_NO_EMPTY ); } if ( strstr( $k, '_um_' ) ) { - if ( $k === '_um_is_default' ) { + if ( '_um_is_default' === $k ) { $mode = UM()->query()->get_attr( 'mode', $post_id ); @@ -1145,9 +1143,7 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { foreach ( $posts as $p_id ) { delete_post_meta( $p_id, '_um_is_default' ); } - } - } $v = apply_filters( 'um_member_directory_meta_value_before_save', $v, $k, $post_id ); From f085af988ff7595bb7e96541404c00d507533fe9 Mon Sep 17 00:00:00 2001 From: ashubawork Date: Thu, 20 Jul 2023 16:59:38 +0300 Subject: [PATCH 2/2] - form name --- includes/admin/core/class-admin-metabox.php | 1 - 1 file changed, 1 deletion(-) diff --git a/includes/admin/core/class-admin-metabox.php b/includes/admin/core/class-admin-metabox.php index 0c3ea133..a53f8285 100644 --- a/includes/admin/core/class-admin-metabox.php +++ b/includes/admin/core/class-admin-metabox.php @@ -1188,7 +1188,6 @@ if ( ! class_exists( 'um\admin\core\Admin_Metabox' ) ) { // translators: %s: Form id. $_POST['post_title'] = sprintf( __( 'Form #%s', 'ultimate-member' ), $post_id ); } - $wpdb->update( $wpdb->posts, array( 'post_title' => sanitize_text_field( $_POST['post_title'] ) ), $where ); // save delete_post_meta( $post_id, '_um_profile_metafields' );
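Review bot: The key filter `strstr( $k, '_um_' )` in this loop is a substring match, so any submitted key that merely contains `_um_` passes it. If only prefixed keys are meant to be saved, use `if ( 0 === strpos( $k, '_um_' ) ) {`. Whether `sanitize_member_directory_meta()` already restricts the key set is not visible here. The two `trim( $v )` guards also assume a string and would raise a TypeError on PHP 8 if the sanitizer returns an array for those keys, so `is_string( $v ) && trim( $v )` would be safer. The loop body continues outside the hunk.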