From 2bc27f08e28d0d6ae3b1f6e3960c11bf60b4f508 Mon Sep 17 00:00:00 2001 From: Daniel Weipert Date: Fri, 25 Dec 2020 10:38:41 +0100 Subject: Fixing ajax array sanitization --- src/class-draggable-post-order.php | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/class-draggable-post-order.php b/src/class-draggable-post-order.php index a976816..ee9156c 100644 --- a/src/class-draggable-post-order.php +++ b/src/class-draggable-post-order.php @@ -136,11 +136,10 @@ class Draggable_Post_Order { $page = intval( $_POST['page'] ); $per_page = intval( $_POST['perPage'] ); - //phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized - parse_str( $_POST['postOrder'], $post_order ); + parse_str( sanitize_text_field( wp_unslash( $_POST['postOrder'] ) ), $post_order ); - foreach ( $post_order['post'] as $order => $post_id ) { - $order = intval( $order ) + 1; + foreach ( $post_order['post'] as $idx => $post_id ) { + $order = intval( $idx ) + 1; update_post_meta( $post_id, self::$meta_key, ( ( $page - 1 ) * $per_page ) + $order ); } } -- cgit v1.2.3