tec3/five-for-the-future
tec3/five-for-the-future
1
0
Fork 0
mirror of https://github.com/WordPress/five-for-the-future.git synced 2025-07-04 18:05:45 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Replace deprecated SANITIZE_STRING filter with UNSAFE_RAW.

Browse source 
`FILTER_UNSAFE_RAW` doesn't strip HTML tags like `FILTER_SANITIZE_STRING` did, but some of these are being run through `sanitize_text_field` as well, and the others aren't being output or saved to the database.

See https://stackoverflow.com/a/69207369/450127
This commit is contained in:
Ian Dunn 2022-07-19 09:49:23 -07:00
parent 87979f588f
commit bb0216adc6
No known key found for this signature in database
GPG key ID: 99B971B50343CBCB
3 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/wporg-5ftf/includes/contributor.php
View file

@ -430,7 +430,7 @@ function render_my_pledges() {
*/
function process_my_pledges_form() {
$contributor_post_id = filter_input( INPUT_POST, 'contributor_post_id', FILTER_VALIDATE_INT );
$unverified_nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_SANITIZE_STRING );
$unverified_nonce = filter_input( INPUT_POST, '_wpnonce', FILTER_UNSAFE_RAW );
if ( empty( $contributor_post_id ) || empty( $unverified_nonce ) ) {
return ''; // Return early, the form wasn't submitted.
}