FILTER_SANITIZE_FULL_SPECIAL_CHARS instead of FILTER_SANITIZE_STRING
lloc committed Aug 8, 2023
1 parent 6edfa3f commit 000840e
Showing 2 changed files with 3 additions and 6 deletions.
Expand Up @@ -32,6 +32,6 @@ protected function read_post_type_from_request( $default = 'post' ) {
return $default;
}

return filter_var( $_REQUEST['post_type'], FILTER_SANITIZE_STRING ) ?: 'post';
return filter_var( $_REQUEST['post_type'], FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?: 'post';
}
}
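Review bot: The new return line HTML-encodes the request value instead of validating it as a post type slug, and it still falls back to the literal `'post'` where the guard above it returns `$default`. `FILTER_SANITIZE_FULL_SPECIAL_CHARS` behaves like `htmlspecialchars()` with `ENT_QUOTES`, so input the old filter stripped now passes through in encoded form. For an identifier an allowlist fits better, for example `$post_type = sanitize_key( $_REQUEST['post_type'] );` followed by `return post_type_exists( $post_type ) ? $post_type : $default;`, with escaping left to the place where the value is printed. The start of read_post_type_from_request is outside the hunk, so how callers use the result is not visible here.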
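--- a/includes/MslsMetaBox.php
+++ b/includes/MslsMetaBox.php
@@ -361,11 +361,8 @@ public function set( $post_id ) {
 return;
 }
 
-$capability = (
-'page' == filter_input( INPUT_POST, 'post_type', FILTER_SANITIZE_STRING ) ?
-'edit_page' :
-'edit_post'
-);
+$post_type = filter_input( INPUT_POST, 'post_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+$capability = 'page' === $post_type ? 'edit_page' : 'edit_post';
 
 if ( ! current_user_can( $capability, $post_id ) ) {
 return;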
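Review bot: The capability passed to `current_user_can()` is still chosen from the request-supplied `post_type` field rather than from the post being saved. The sanitising filter makes no difference to a strict comparison with `'page'`; the open point is that the client decides which capability name is tested. Deriving it from the stored post removes that dependency: `$capability = 'page' === get_post_type( $post_id ) ? 'edit_page' : 'edit_post';`. WordPress probably resolves both meta capabilities against the post's real type, in which case a plain `current_user_can( 'edit_post', $post_id )` would be enough, but that should be confirmed. The body of set() starts and ends outside the hunk.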
