Changeset 3140738

Timestamp:

08/24/2024 12:40:49 PM (19 months ago)

Author:

zourbuth

Message:

Sanitized data input

Location:

wp-exporter/trunk

Files:

• index.php (modified) (2 diffs)
• utility.php (modified) (3 diffs)

wp-exporter/trunk/index.php

@@ -64 +64 @@
  */ 
 function wp_exporter_post_ids( $post_ids, $args ) {
-    if ( 'advanced' == $args['content'] && isset( $_GET['query'] ) ) {
+    if ( 'advanced' == esc_attr( $args['content'] ) && isset( $_GET['query'] ) ) {
         $query = esc_attr( $_GET['query'] );
+
         if ( isset( $_GET['post_ids'] ) ) {
-            $post_ids = (array) $_GET['post_ids'];
+            $post_ids = array_map( 'sanitize_text_field', (array) $_GET['post_ids'] );
             $post_ids = apply_filters( 'wp_exporter_post_ids', $post_ids, $query, $args );
         }
@@ -81 +82 @@
  */ 
 function export_wp_action( $args ) {
-    if ( 'advanced' == $args['content'] ) {
+    if ( 'advanced' == esc_attr( $args['content'] ) ) {
         require_once( plugin_dir_path( __FILE__ ) . 'export.php' );
         

wp-exporter/trunk/utility.php

@@ -28 +28 @@
      */
     function __construct() {
-        add_filter( 'export_args', array( &$this, 'export_args' ), 1, 1 );
         add_action( 'the_post', array( &$this, 'the_post' ), 1, 2 );
     }
 
     /**
-     * Create admin bar export menu, before user profile menu
-     * 
-     * @param $wp_admin_bar (object) WP_Admin_Bar
-     * @since 0.0.5
-     */
-    public static function export_args( $args ) {
-        
-        return $args;
-    }
-
-    /**
-     * Create admin bar export menu, before user profile menu
-     * 
-     * @param $wp_admin_bar (object) WP_Admin_Bar
-     * @since 0.0.5
-     */
-    public static function export_url() {
-        global $post;
-
-        $params = array(
-            'download'      => 'true',
-            'content'       => 'advanced',
-            'content'       => 'advanced',
-            'query'         => $post->post_type,
-            'post_ids[]'    => $post->ID,
-        );
-
-        return admin_url( "export.php?" ) . http_build_query($params);
-    }
-
-    /**
-     * Export action using custom query
+     * Export action using custom quøery
      * Modify post object while 'get_post' inside 'setup_postdata'
      * Put define('WP_EXPORTER_POST_STATUS', 'draft'); in wp-config.php or theme functions.php
@@ -71 +39 @@
      * @param $wp_query The current Query object (passed by reference).
      * @since 0.0.5
-     */ 
+     */
     function the_post( $post, $wp_query ) { 
-        if ( isset( $wp_query->wp_exporter ) && $wp_query->wp_exporter && defined('WP_EXPORTER_POST_STATUS') && isset( $GLOBALS['post'] ) ) {
-            $GLOBALS['post']->post_status = WP_EXPORTER_POST_STATUS;    
-            return $GLOBALS['post'];
+        if ( isset( $wp_query->wp_exporter ) && $wp_query->wp_exporter && 
+            defined( 'WP_EXPORTER_POST_STATUS' ) && isset( $GLOBALS[ 'post' ] ) ) {
+                $GLOBALS[ 'post' ]->post_status = esc_attr( WP_EXPORTER_POST_STATUS );  
+                return $GLOBALS[ 'post' ];
         }
-    }   
+    }
 
 } new WP_Export_Utility();
-
 
 /**
@@ -86 +54 @@
  * @params $arr array()
  * @since 0.0.5
- */ 
+ */
 function _wp_exporter_debugr( $arr ) {
     echo '<pre style="font-size:10px;line-height:10px;">'. print_r( $arr, true ) . '</pre>';