Support » Plugin: Estatik Real Estate Plugin » Add sanitize calls to the code

  • [Resolved] sidekickit (@ecommany)


    Hi,

    Could you add some sanitize calls to your code when you add data to the database?

    https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data

    
        /**
         * Check option as default.
         *
         * @return void.
         */
        public function check()
        {
            // If valid ajax request.
            if ( static::is_valid_ajax() ) {
                /** @var Es_Settings_Container $es_settings */
                global $es_settings;
                // Raw $_POST values are handed straight to the save routine, no sanitization.
                $es_settings->saveOne( $_POST['container'], $_POST['id'] );
    
                $response = array( 'message' => __( 'Item has been selected.', 'es-plugin' ), 'status' => 'success' );
            } else {
                $response = array( 'message' => __( 'Invalid ajax request.', 'es-plugin' ), 'status' => 'error' );
            }
    
            wp_die( json_encode( $response ) );
        }
    

    And:

    
        public static function remove()
        {
            // If valid ajax request.
            if ( static::is_valid_ajax() && $_POST['action'] ) {
                // Get available values.
                $values = Es_Settings_Container::get_setting_values( $_POST['container'] );
    
                // Remove item using ID and storage.
                if ( ! empty( $values ) ) {
                    // $_POST['storage'] is used as the option name and $_POST['id']
                    // as the array key, both unsanitized, before writing back.
                    $values = get_option( $_POST['storage'], array() );
                    unset( $values[ $_POST['id'] ] );
                    update_option( $_POST['storage'], $values );
    
                    $response = array( 'message' => __( 'Item is successfully deleted.', 'es-plugin' ), 'status' => 'success' );
                } else {
                    $response = array( 'message' => __( 'Nothing for delete.', 'es-plugin' ), 'status' => 'warning' );
                }
            } else {
                $response = array( 'message' => __( 'Invalid ajax request.', 'es-plugin' ), 'status' => 'error' );
            }
    
            wp_die( json_encode( $response ) );
        }
    

    Never trust user input.

    Thank you.
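The remove() handler quoted above passes $_POST['storage'] and $_POST['id'] straight into get_option()/update_option(). Below is one way to harden that handler along the lines of the Codex page linked in the post. It is an added example written for this thread, not code from the Estatik plugin or from the poster. It assumes the plugin's JavaScript sends a nonce created with wp_create_nonce( 'es_settings_remove' ) in a field named nonce, that the option names the handler may touch are the ones listed in ES_ALLOWED_STORAGE, and that the handler is hooked as wp_ajax_es_remove; the function, constant, action and nonce names are all hypothetical.

```php
<?php
/**
 * Hardened version of the remove() AJAX handler (illustrative; not the plugin's code).
 *
 * Assumptions (hypothetical names):
 *  - the requesting page sends a nonce from wp_create_nonce( 'es_settings_remove' )
 *    in the 'nonce' POST field;
 *  - ES_ALLOWED_STORAGE lists the only option names this handler may modify;
 *  - the handler is registered on the wp_ajax_es_remove hook.
 */

// Allow-list of option names this handler is permitted to edit. Anything else
// in $_POST['storage'] is rejected instead of being passed to get_option().
const ES_ALLOWED_STORAGE = array( 'es_property_types', 'es_property_statuses' );

function es_remove_item_hardened() {
    // 1. Authenticity: require a valid nonce for this specific action.
    //    check_ajax_referer() reads $_REQUEST['nonce'] and dies with -1 on failure.
    check_ajax_referer( 'es_settings_remove', 'nonce' );

    // 2. Authorization: only users who may manage options can delete items.
    //    wp_send_json_error() calls wp_die(), so execution stops here on failure.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => __( 'Insufficient permissions.', 'es-plugin' ) ), 403 );
    }

    // 3. Sanitization: unslash, then run each field through a sanitizer that
    //    matches its expected shape. sanitize_key() keeps only [a-z0-9_-],
    //    which is the right shape for an option name and for an array key.
    $storage = isset( $_POST['storage'] ) ? sanitize_key( wp_unslash( $_POST['storage'] ) ) : '';
    $id      = isset( $_POST['id'] ) ? sanitize_key( wp_unslash( $_POST['id'] ) ) : '';

    // 4. Validation: sanitized is not the same as allowed. The option name must
    //    be one the plugin owns (strict in_array), and the id must be non-empty.
    if ( '' === $id || ! in_array( $storage, ES_ALLOWED_STORAGE, true ) ) {
        wp_send_json_error( array( 'message' => __( 'Invalid request.', 'es-plugin' ) ), 400 );
    }

    // 5. Only now touch the database, and only with the validated values.
    $values = get_option( $storage, array() );
    if ( ! is_array( $values ) || ! isset( $values[ $id ] ) ) {
        wp_send_json_error( array( 'message' => __( 'Nothing for delete.', 'es-plugin' ) ) );
    }

    unset( $values[ $id ] );
    update_option( $storage, $values );

    wp_send_json_success( array( 'message' => __( 'Item is successfully deleted.', 'es-plugin' ) ) );
}
add_action( 'wp_ajax_es_remove', 'es_remove_item_hardened' );
```

The same pattern applies to check(): verify the nonce, check the capability, sanitize container and id, and confirm the container is one the plugin recognizes before calling saveOne(). The allow-list step is the one that sanitize_key() alone cannot provide: a cleanly formatted option name is still not necessarily one the handler should be allowed to rewrite.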

Viewing 2 replies - 1 through 2 (of 2 total)