From 2bc27f08e28d0d6ae3b1f6e3960c11bf60b4f508 Mon Sep 17 00:00:00 2001
From: Daniel Weipert <code@drogueronin.de>
Date: Fri, 25 Dec 2020 10:38:41 +0100
Subject: Fixing ajax array sanitization

---
 src/class-draggable-post-order.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'src/class-draggable-post-order.php')

diff --git a/src/class-draggable-post-order.php b/src/class-draggable-post-order.php
index a976816..ee9156c 100644
--- a/src/class-draggable-post-order.php
+++ b/src/class-draggable-post-order.php
@@ -136,11 +136,10 @@ class Draggable_Post_Order {
 
 		$page     = intval( $_POST['page'] );
 		$per_page = intval( $_POST['perPage'] );
-        //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
-		parse_str( $_POST['postOrder'], $post_order );
+		parse_str( sanitize_text_field( wp_unslash( $_POST['postOrder'] ) ), $post_order );
 
-		foreach ( $post_order['post'] as $order => $post_id ) {
-			$order = intval( $order ) + 1;
+		foreach ( $post_order['post'] as $idx => $post_id ) {
+			$order = intval( $idx ) + 1;
 			update_post_meta( $post_id, self::$meta_key, ( ( $page - 1 ) * $per_page ) + $order );
 		}
 	}
-- 
cgit v1.2.3