Making WordPress.org


Timestamp:
01/16/2019 03:36:24 PM (5 years ago)
Author:
vedjain
Message:

WCPT: Applies code standard changes to wcpt plugin.

Most of the changes are small, but these are some important ones:

  1. Added nonce check in multiple places. This will ensure that the request is always coming from the intended page.
  2. Escaped output HTML in many places. These are not necessarily XSS vulnerabilities, and in most places they were hardcoded. But it's a good practice to always escape regardless of source.

Summary:

  • wcpt-event/class-event-admin.php
    • Added nonce check in metabox_save.
    • Escaped output in dislpay_meta_boxes
  • wcpt-event/class-event-application.php
    • Change definition of submit_application to pass $POST arguments
  • wcpt-loader.php
    • Indent whole file by 1 indent.
  • wcpt-meetup/class-meetup-admin.php
    • Added nonce check in maybe_update_meetup_data
  • wcpt-wordcamp/wordcamp-admin.php
    • Escaping in user_profile_wordcamp, column_data
    • Escaping using kses in post_row_actions
    • Use post_data_raw instead of $_POST in enforce_post_status
File:
1 edited

  • sites/trunk/wordcamp.org/public_html/wp-content/plugins/wcpt/wcpt-meetup/class-meetup-application.php

    r8083 r8085  
    8181     * Enqueue scripts and stylesheets.
    8282     */
    83     function enqueue_assets() {
     83    public function enqueue_assets() {
    8484        global $post;
    8585
     
    162162     */
    163163    public function get_default_application_values() {
    164         // WordCamp uses an ID with questions. Not sure how are they used. Ask @corey
     164        // WordCamp uses an ID with questions. Not sure how are they used. Ask @corey.
    165165        $values = array(
    166166            'q_name'                => '',
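Review bot: The comment on new line 164 still records an open question ("Not sure how are they used. Ask @corey.") instead of documenting the code; adding the trailing period meets the coding standard but leaves the question in place. Either replace it with a sentence explaining what the q_ prefixed keys are used for, or turn it into a TODO that points at a ticket so the question gets tracked and closed.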
     
    232232        add_post_meta( $post_id, 'Meetup Location', $data['q_mtp_loc'] );
    233233        add_post_meta(
    234             $post_id, '_status_change', array(
     234            $post_id,
     235            '_status_change',
     236            array(
    235237                'timestamp' => time(),
    236238                'user_id'   => $wordcamp_user_id,
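Review bot: The unchanged line 232 stores $data['q_mtp_loc'] in the 'Meetup Location' post meta, and nothing visible in this hunk shows that value being sanitized or validated first. The reformatting of the add_post_meta() arguments is fine, but since this changeset is about tightening input and output handling, please confirm that $data is sanitized before it reaches this point (for example with sanitize_text_field()), or sanitize it at the call.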
     
    279281     */
    280282    public static function get_application_report_url() {
    281         return "https://central.wordcamp.org/reports/meetup-applications/";
     283        return 'https://central.wordcamp.org/reports/meetup-applications/';
    282284    }
    283285