
Changeset 2746622


Timestamp:
06/22/2022 07:05:26 PM (4 years ago)
Author:
grimmdude
Message:

More sanitizing

Location:
sharebar
Files:
2 edited

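--- a/sharebar/tags/1.4.3/sharebar-admin.php
+++ b/sharebar/tags/1.4.3/sharebar-admin.php
@@ -21,19 +21,19 @@
     }
 
-    $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
-    $pos = isset($_REQUEST['pos']) ? $_REQUEST['pos'] : null;
-    $status = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
-    $task = isset($_REQUEST['t']) ? $_REQUEST['t'] : null;
-    $do = isset($_REQUEST['do']) ? $_REQUEST['do'] : null;
+    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : null;
+    $pos = isset($_REQUEST['pos']) ? (int) $_REQUEST['pos'] : null;
+    $status = isset($_REQUEST['status']) ? sanitize_text_field($_REQUEST['status']) : null;
+    $task = isset($_REQUEST['t']) ? sanitize_text_field($_REQUEST['t']) : null;
+    $do = isset($_REQUEST['do']) ? sanitize_text_field($_REQUEST['do']) : null;
    
     if($id) $item = $wpdb->get_row($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."sharebar WHERE id=%d", $id));
 
     if($do == 'update') {
         check_admin_referer( 'wp_sharebar_add_update' );
-        $wpdb->query($wpdb->prepare("UPDATE ".$wpdb->prefix."sharebar SET enabled='%d', position='%d', name='%s', big='%s', small='%s' WHERE id='%d'", $_POST['enabled'], $_POST['position'], $_POST['name'], $_POST['big'], $_POST['small'], $id));
+        $wpdb->query($wpdb->prepare("UPDATE ".$wpdb->prefix."sharebar SET enabled='%d', position='%d', name='%s', big='%s', small='%s' WHERE id='%d'", (int) $_POST['enabled'], (int) $_POST['position'], sanitize_text_field($_POST['name']), $_POST['big'], $_POST['small'], $id));
     }
     elseif($do == 'add') {
         check_admin_referer( 'wp_sharebar_add_update' );
-        $wpdb->query($wpdb->prepare("INSERT INTO ".$wpdb->prefix."sharebar (position, name, big, small) VALUES('%d','%s', '%s', '%s')", $_POST['position'], $_POST['name'], $_POST['big'], $_POST['small']));
+        $wpdb->query($wpdb->prepare("INSERT INTO ".$wpdb->prefix."sharebar (position, name, big, small) VALUES('%d','%s', '%s', '%s')", (int) $_POST['position'], sanitize_text_field($_POST['name']), $_POST['big'], $_POST['small']));
     }
     elseif($do == 'delete') {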
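Review bot: `$_POST['big']` and `$_POST['small']` are still written to the database untouched on the new UPDATE (line 33) and INSERT (line 37) lines, while the neighbouring `name` and `position` values now get `sanitize_text_field()` / `(int)` — the same gap exists in the sharebar/trunk/sharebar-admin.php section below. `$wpdb->prepare` covers the SQL, but whatever lands in `big`/`small` is presumably rendered on the front end later, so it should be filtered on the way in: if these fields are meant to hold button HTML, `$big = isset($_POST['big']) ? wp_kses_post($_POST['big']) : '';` and `$small = isset($_POST['small']) ? wp_kses_post($_POST['small']) : '';` (then pass `$big`, `$small` to both queries); if plain text is enough, `sanitize_text_field()` as for `name`. The `isset` guard also matters for `$_POST['enabled']` and `$_POST['position']`, which the new lines read unconditionally and so raise an undefined-index notice whenever the key is absent. Minor: wpdb::prepare's documentation asks for unquoted placeholders (`%d` rather than `'%d'`); the quoting works today but is worth cleaning up while these lines are being touched. The enclosing function starts and ends outside this hunk, so whether a capability check precedes these writes cannot be confirmed from here.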
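--- a/sharebar/trunk/sharebar-admin.php
+++ b/sharebar/trunk/sharebar-admin.php
@@ -21,19 +21,19 @@
     }
 
-    $id = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;
-    $pos = isset($_REQUEST['pos']) ? $_REQUEST['pos'] : null;
-    $status = isset($_REQUEST['status']) ? $_REQUEST['status'] : null;
-    $task = isset($_REQUEST['t']) ? $_REQUEST['t'] : null;
-    $do = isset($_REQUEST['do']) ? $_REQUEST['do'] : null;
+    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : null;
+    $pos = isset($_REQUEST['pos']) ? (int) $_REQUEST['pos'] : null;
+    $status = isset($_REQUEST['status']) ? sanitize_text_field($_REQUEST['status']) : null;
+    $task = isset($_REQUEST['t']) ? sanitize_text_field($_REQUEST['t']) : null;
+    $do = isset($_REQUEST['do']) ? sanitize_text_field($_REQUEST['do']) : null;
    
     if($id) $item = $wpdb->get_row($wpdb->prepare("SELECT * FROM ".$wpdb->prefix."sharebar WHERE id=%d", $id));
 
     if($do == 'update') {
         check_admin_referer( 'wp_sharebar_add_update' );
-        $wpdb->query($wpdb->prepare("UPDATE ".$wpdb->prefix."sharebar SET enabled='%d', position='%d', name='%s', big='%s', small='%s' WHERE id='%d'", $_POST['enabled'], $_POST['position'], $_POST['name'], $_POST['big'], $_POST['small'], $id));
+        $wpdb->query($wpdb->prepare("UPDATE ".$wpdb->prefix."sharebar SET enabled='%d', position='%d', name='%s', big='%s', small='%s' WHERE id='%d'", (int) $_POST['enabled'], (int) $_POST['position'], sanitize_text_field($_POST['name']), $_POST['big'], $_POST['small'], $id));
     }
     elseif($do == 'add') {
         check_admin_referer( 'wp_sharebar_add_update' );
-        $wpdb->query($wpdb->prepare("INSERT INTO ".$wpdb->prefix."sharebar (position, name, big, small) VALUES('%d','%s', '%s', '%s')", $_POST['position'], $_POST['name'], $_POST['big'], $_POST['small']));
+        $wpdb->query($wpdb->prepare("INSERT INTO ".$wpdb->prefix."sharebar (position, name, big, small) VALUES('%d','%s', '%s', '%s')", (int) $_POST['position'], sanitize_text_field($_POST['name']), $_POST['big'], $_POST['small']));
     }
     elseif($do == 'delete') {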