Making WordPress.org

Changeset 5568


Ignore:
Timestamp:
06/15/2017 12:33:44 PM (8 years ago)
Author:
coreymckrill
Message:

WordCamp Post Types: Avoid notices for missing $_POST keys

Use filter_input to ensure that $_POST keys exist before calling
their values. This function isn't used anywhere in Core because of
PHP compatibility issues, but it shouldn't cause an issue on
WordCamp.org.

Props davidmosterd
Fixes #2869

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordcamp.org/public_html/wp-content/plugins/wc-post-types/wc-post-types.php

    r5567 r5568  
    18271827        }
    18281828
    1829         if ( isset( $_POST['wcpt-meta-sponsor-info'] ) && wp_verify_nonce( $_POST['wcpt-meta-sponsor-info'], 'edit-sponsor-info' ) ) {
     1829        if ( wp_verify_nonce( filter_input( INPUT_POST, 'wcpt-meta-sponsor-info' ), 'edit-sponsor-info' ) ) {
    18301830            $text_values = array(
    18311831                'company_name', 'first_name', 'last_name', 'email_address', 'phone_number', 'vat_number', 'twitter_handle',
     
    18341834
    18351835            foreach ( $text_values as $id ) {
    1836                 $values[ $id ] = sanitize_text_field( $_POST["_wcpt_sponsor_$id"] );
     1836                $values[ $id ] = sanitize_text_field( filter_input( INPUT_POST, '_wcpt_sponsor_' . $id ) );
    18371837            }
    18381838
    1839             $values['website'] = esc_url_raw( $_POST['_wcpt_sponsor_website'] );
     1839            $values['website'] = esc_url_raw( filter_input( INPUT_POST, '_wcpt_sponsor_website' ) );
    18401840            // TODO: maybe only allows links to home page, depending on outcome of http://make.wordpress.org/community/2013/12/31/irs-rules-for-corporate-sponsorship-of-wordcamp/
    18411841
     
    18441844
    18451845            foreach( $values as $id => $value ) {
     1846                $meta_key = '_wcpt_sponsor_' . $id;
     1847
    18461848                if ( empty( $value ) ) {
    1847                     delete_post_meta( $post_id, "_wcpt_sponsor_$id" );
     1849                    delete_post_meta( $post_id, $meta_key );
    18481850                } else {
    1849                     update_post_meta( $post_id, "_wcpt_sponsor_$id", $value );
     1851                    update_post_meta( $post_id, $meta_key, $value );
    18501852                }
    18511853            }
Note: See TracChangeset for help on using the changeset viewer.