Context Navigation

meetup.php

Timestamp:

01/16/2019 03:36:24 PM (6 years ago)

Author:

vedjain

Message:

WCPT: Applies code standard changes to wcpt plugin.

Most of the changes are small, but these are some important ones:

Added nonce check in multiple places. This will ensure that request is always coming from the intended page.

Escaped output HTML in many places. These are not necessarily XSS vulnerabilities, and in most places they were hardcoded. But its a good practice to always escape regardless of source.

Summary:

wcpt-event/class-event-admin.php
- Added nonce check in metabox_save.
- Escaped output in dislpay_meta_boxes

wcpt-event/class-event-application.php
- Change definition of submit_application to pass $POST arguments

wcpt-meetup/class-meetup-admin.php
- Added nonce check in maybe_update_meetup_data

wcpt-wordcamp/wordcamp-admin.php
- Escaping in user_profile_wordcamp, column_data
- Escaping using kses in post_row_actions
- Use post_data_raw instead of $_POST in enforce_post_status

File:

r8083	r8085
6	6	use WordPress_Community\Applications\Meetup_Application;
7	7
8		defined( 'WPINC' ) or die();
	8	defined( 'WPINC' ) \|\| die();
9	9
10	10	/*

Note: See TracChangeset for help on using the changeset viewer.