Changeset 2837062

Timestamp:

12/21/2022 05:55:03 AM (3 years ago)

Author:

biztechc

Message:

plugin vulnerable resolve with data sanitization

Location:

show-all-comments-in-one-page/trunk

Files:

• bt-comments.php (modified) (4 diffs)
• js/sac-script.js (modified) (2 diffs)

show-all-comments-in-one-page/trunk/bt-comments.php

@@ -551 +551 @@
 function sac_post_type_call_callback() {
 
-    $post_type = $_REQUEST['post_type'];
+    $post_type = isset( $_REQUEST['post_type'] ) ? sanitize_text_field( $_REQUEST['post_type'] ) : '';
+    $post_category = isset( $_REQUEST['post_category'] ) ? intval( sanitize_text_field( $_REQUEST['post_category'] ) ) : '';
+    $post_id = isset( $_REQUEST['post_id'] ) ? intval( sanitize_text_field( $_REQUEST['post_id'] ) ) : '';
 
     $exclude_post = get_option('bt_exclude_post');
@@ -567 +569 @@
     );
 
-    if (isset( $_REQUEST['post_category'] ) && $_REQUEST['post_category'] != null && $_REQUEST['post_type'] == 'post') {
-
-        $args['category'] = $_REQUEST['post_category'];
+    if ( $post_category != '' && $post_type == 'post') {
+
+        $args['category'] = $post_category;
     }
 
@@ -583 +585 @@
         foreach ($posts as $post) {
 
-            if ( isset($_REQUEST['post_id']) && $post->ID == $_REQUEST['post_id']) {
+            if ( $post->ID == $post_id ) {
                 ?>
                 <option value="<?php echo $post->ID; ?>" selected><?php echo $post->post_title; ?></option>
@@ -613 +615 @@
 
     if (isset($_REQUEST['sac_posts'])) {
-        $sac_posts = $_REQUEST['sac_posts'];
+        $sac_posts = intval( sanitize_text_field($_REQUEST['sac_posts']) );
         $sac_localize_data['sac_posts'] = $sac_posts;
     }
     $sac_category = '';
     if (isset($_REQUEST['sac_post_types']) && $_REQUEST['sac_post_types'] == 'post') {
-        $sac_category = isset($_REQUEST['sac_category']) ? $_REQUEST['sac_category'] : '';
+        $sac_category = isset($_REQUEST['sac_category']) ? intval( sanitize_text_field($_REQUEST['sac_category'])) : '';
         $sac_localize_data['sac_category'] = $sac_category;
     }

show-all-comments-in-one-page/trunk/js/sac-script.js

@@ -11 +11 @@
     jQuery('.sac-post-types').on('change', function () {
         var sac_post_type = jQuery(this).val();
+        var sac_post_category = jQuery('.sac-category').val();
 
         if (sac_post_type) {
@@ -21 +22 @@
             }
 
-            if (typeof sac_localize_data.sac_category != 'undefined') {
-                sac_post_type_data.post_category = sac_localize_data.sac_category;
+            if (typeof sac_post_category != 'undefined') {
+                sac_post_type_data.post_category = sac_post_category;
             }
             jQuery('.sac-posts option').remove();