Add extra sanitation step to input
This commit is contained in:
parent
fb1789343c
commit
b84917f2b7
3 changed files with 16 additions and 15 deletions
|
|
@ -50,10 +50,11 @@ class WideAngleHelpers {
|
|||
$params = array();
|
||||
foreach($request as $requestKey => $paramValue) {
|
||||
if(preg_match(self::includeParamRequestKeyPattern, $requestKey)) {
|
||||
if(preg_match(self::includeParamRequestValuePattern, $paramValue)) {
|
||||
array_push($params, trim($paramValue));
|
||||
$sanitizedValue = sanitize_text_field($paramValue);
|
||||
if(preg_match(self::includeParamRequestValuePattern, $sanitizedValue)) {
|
||||
array_push($params, trim($sanitizedValue));
|
||||
} else {
|
||||
return WideAngleValidated::createInvalid($name, $paramValue, "Name of parameter to include in request must consint of letters, numbers and can contain _ or - sign only.");
|
||||
return WideAngleValidated::createInvalid($name, $sanitizedValue, "Name of parameter to include in request must consint of letters, numbers and can contain _ or - sign only.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -67,13 +68,13 @@ class WideAngleHelpers {
|
|||
$idx = array();
|
||||
if(preg_match(self::excludePathRequestKeyPattern, $key, $idx)) {
|
||||
$valueKey = "waa_exc_path_".$idx[1]."_value";
|
||||
$exclusionValue = trim($request[$valueKey]);
|
||||
if($exclusionValue != null) {
|
||||
if(filter_var($exclusionValue, FILTER_VALIDATE_REGEXP)) {
|
||||
$typedExclusion = "[" . $exclusionType . "]" . $exclusionValue;
|
||||
$sanitizedValue = trim(sanitize_text_field($request[$valueKey]));
|
||||
if($sanitizedValue != null) {
|
||||
if(filter_var($sanitizedValue, FILTER_VALIDATE_REGEXP)) {
|
||||
$typedExclusion = "[" . $exclusionType . "]" . $sanitizedValue;
|
||||
array_push($exclusions, $typedExclusion);
|
||||
} else {
|
||||
$typedExclusion = "[" . $exclusionType . "]" . filter_var($exclusionValue, FILTER_SANITIZE_SPECIAL_CHARS);
|
||||
$typedExclusion = "[" . $exclusionType . "]" . filter_var($sanitizedValue, FILTER_SANITIZE_SPECIAL_CHARS);
|
||||
array_push($exclusions, $typedExclusion);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
<?php
|
||||
$siteId = $this->settings[self::WAA_CONF_SITE_ID];
|
||||
$trackerDomain = $this->settings[self::WAA_CONF_TRACKER_DOMAIN];
|
||||
$siteId = wp_unslash($this->settings[self::WAA_CONF_SITE_ID]);
|
||||
$trackerDomain = wp_unslash($this->settings[self::WAA_CONF_TRACKER_DOMAIN]);
|
||||
$ignoreHash = filter_var($this->settings[self::WAA_CONF_IGNORE_HASH], FILTER_VALIDATE_BOOLEAN);
|
||||
$parsedExclusions = $this->plugin->helpers->parseExclusionSetting($this->settings[self::WAA_CONF_EXC_PATHS]);
|
||||
$parsedIncludeParams = $this->plugin->helpers->parseIncludeParamsSetting($this->settings[self::WAA_CONF_INC_PARAMS]);
|
||||
$parsedExclusions = $this->plugin->helpers->parseExclusionSetting(wp_unslash($this->settings[self::WAA_CONF_EXC_PATHS]));
|
||||
$parsedIncludeParams = $this->plugin->helpers->parseIncludeParamsSetting(wp_unslash($this->settings[self::WAA_CONF_INC_PARAMS]));
|
||||
$generator = new WideAngleGenerator($this->settings[self::WAA_CONF_ATTRIBUTES]);
|
||||
?>
|
||||
<div class="wrap">
|
||||
|
|
|
|||
|
|
@ -112,9 +112,9 @@ class WideAngleAnalytics {
|
|||
} elseif ( ! wp_verify_nonce( $_REQUEST[ $this->plugin->name . '_nonce' ], $this->plugin->name ) ) {
|
||||
$this->errorMessage = __( 'Invalid nonce specified. Settings NOT saved.', $this->plugin->name );
|
||||
} else {
|
||||
$waaSiteId = $this->plugin->helpers->validateSiteId(self::WAA_CONF_SITE_ID, $_REQUEST['waa_site_id']);
|
||||
$waaTrackerDomain = $this->plugin->helpers->validateTrackerDomain(self::WAA_CONF_TRACKER_DOMAIN, $_REQUEST['waa_tracker_domain']);
|
||||
$waaIgnoreHash = $this->plugin->helpers->validateIgnoreHashFlag(self::WAA_CONF_IGNORE_HASH, $_REQUEST['waa_ignore_hash']);
|
||||
$waaSiteId = $this->plugin->helpers->validateSiteId(self::WAA_CONF_SITE_ID, sanitize_text_field($_REQUEST['waa_site_id']));
|
||||
$waaTrackerDomain = $this->plugin->helpers->validateTrackerDomain(self::WAA_CONF_TRACKER_DOMAIN, sanitize_text_field($_REQUEST['waa_tracker_domain']));
|
||||
$waaIgnoreHash = $this->plugin->helpers->validateIgnoreHashFlag(self::WAA_CONF_IGNORE_HASH, sanitize_text_field($_REQUEST['waa_ignore_hash']));
|
||||
$waaIncParams = $this->plugin->helpers->validateIncludeParams(self::WAA_CONF_INC_PARAMS, $_REQUEST);
|
||||
$waaExclusionPaths = $this->plugin->helpers->validateExclusionPathsRequest(self::WAA_CONF_EXC_PATHS, $_REQUEST);
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue