Changeset 3158305

Timestamp:

09/26/2024 03:06:01 PM (18 months ago)

Author:

thangnv27

Message:

fixbug

Location:

wp-multitasking/trunk

Files:

• readme.txt (modified) (2 diffs)
• wp-multitasking.php (modified) (5 diffs)

wp-multitasking/trunk/readme.txt

@@ -5 +5 @@
 Requires at least: 2.1.0
 Tested up to: 6.6.1
-Stable tag: 0.1.17
+Stable tag: 0.1.18
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -86 +86 @@
 == Changelog ==
 
+= 0.1.18 =
+* Fix bug sanitize
+
 = 0.1.17 =
 * Fix display images

wp-multitasking/trunk/wp-multitasking.php

@@ -4 +4 @@
 Plugin URI:  http://wordpress.org/plugins/wp-multitasking/
 Description: This plugin is synthetic utility for your WordPress site: Shortcode, BBCode, AddQuickTag, Exit pop-up, Welcome pop-up, Remove base slug, SMTP, Classic Editor, Classic widgets...
-Version:     0.1.17
+Version:     0.1.18
 Author:      thangnv27
 Author URI:  https://ngothang.me/
@@ -27 +27 @@
 
 function wpmt_add_settings_page(){
-    $menu_name = stripslashes(get_option('wpmt_menu_name'));
+    $menu_name = esc_html(get_option('wpmt_menu_name'));
     $menu_name = (empty($menu_name)) ? WPMT_MENU_NAME : $menu_name;
     add_menu_page($menu_name, // Page title
@@ -45 +45 @@
                 $fields = ['wpmt_menu_name', 'wpmt_classic_editor', 'wpmt_classic_widgets', 'wpmt_popup_type', 'wpmt_colorbox_type'];
                 foreach ($fields as $field) {
-                    if (isset($_REQUEST[$field]) and !empty($_REQUEST[$field])) {
-                        update_option($field, $_REQUEST[$field]);
+                    $fieldVal = sanitize_text_field($_REQUEST[$field]);
+                    if (isset($_REQUEST[$field]) and !empty($fieldVal)) {
+                        update_option($field, $fieldVal);
                     } else {
                         delete_option($field);
@@ -69 +70 @@
             <h2 class="wraphead">
                 <?php 
-                $wpmt_menu_name = stripslashes(get_option('wpmt_menu_name'));
+                $wpmt_menu_name = esc_html(get_option('wpmt_menu_name'));
                 $menu_name = (empty($wpmt_menu_name)) ? WPMT_MENU_NAME : $wpmt_menu_name;
                 echo $menu_name;
@@ -85 +86 @@
                         </td>
                         <td>
-                            <input type="text" name="wpmt_menu_name" id="wpmt_menu_name" value="<?php echo stripslashes(get_option('wpmt_menu_name')); ?>" class="regular-text" />
+                            <input type="text" name="wpmt_menu_name" id="wpmt_menu_name" value="<?php echo esc_html(get_option('wpmt_menu_name')); ?>" class="regular-text" />
                         </td>
                     </tr>