Changeset 2742244

Timestamp:

06/14/2022 12:28:56 PM (4 years ago)

Author:

codup

Message:

escaping and validation

Location:

woo-product-as-gift/trunk

Files:

• class/class-wc-gift-settings.php (modified) (1 diff)
• lib/codupads/scripts/adscript.js (modified) (2 diffs)
• partials/gifts-settings.php (modified) (1 diff)
• woocommerce-gift-wrap.php (modified) (2 diffs)

woo-product-as-gift/trunk/class/class-wc-gift-settings.php

@@ -110 +110 @@
         wp_enqueue_script("wc-gift-admin-script", WC_GIFTS_URL . 'assets/admin/js/script.js', array('jquery'), WC_GIFTS_VERSION);
     }
-
 }
 

woo-product-as-gift/trunk/lib/codupads/scripts/adscript.js

@@ -1 +1 @@
 (function($) {
-    
     
     $.ajax({
@@ -16 +15 @@
     
     function appendAds(data) {
-
         data = JSON.parse(data);
         $('#codup-topad').html(data.topad);

woo-product-as-gift/trunk/partials/gifts-settings.php

@@ -1 @@
-<?php echo do_shortcode("[codup_ads_top]"); ?>
+<?php
+ echo do_shortcode("[codup_ads_top]"); ?>
 <div class="wc-gifts-wrapper">
     <h2>Woocommerce Gifts Settings</h2>

woo-product-as-gift/trunk/woocommerce-gift-wrap.php

@@ -74 +74 @@
         public function update_order_meta($order_id) {
             $order = wc_get_order($order_id);
-            $wrap_data = $_SESSION['wcgw_wrap_content'];
+            $wrap_data = $this->wc_gift_input_validator($_SESSION['wcgw_wrap_content']);
 
             if ( isset($wrap_data["wrap"]) ) {
-                $wrap = sanitize_text_field( $wrap_data["wrap"] );
+                $wrap = $this->wc_gift_input_validator( $wrap_data["wrap"] );
                 update_post_meta($order_id, "wrapping", $wrap);
             }
             if ( isset($wrap_data["message"]) ) {
-                $message = sanitize_text_field( $wrap_data["message"] );
-                update_post_meta($order_id, "message", message);
+                $message = $this->wc_gift_input_validator( $wrap_data["message"] );
+                update_post_meta($order_id, "message", $message);
             }
         }
@@ -272 +272 @@
             }
         }
+        /**
+         * validate and sanitize input field
+         */
+    public function wc_gift_input_validator($input) {
+        if (empty($input)) {
+            return;
+        }
+        $input = sanitize_text_input($input);
+        $input = trim($input);
+        $input = stripslashes($input);
+        $input = htmlspecialchars($input);
+        return $input;
+        }
 
     }