[WPGancio] Sanitize / validate input/output
This commit is contained in:
les
@@ -4,16 +4,15 @@ defined( 'ABSPATH' ) or die( 'Nope, not accessing this' );
|
||||
// eventorganizer / triggered after an event has been updated
|
||||
// http://codex.wp-event-organiser.com/hook-eventorganiser_save_event.html
|
||||
add_action('eventorganiser_save_event', 'wpgancio_save_event', 15);
|
||||
add_action('wp_trash_post', 'delete_post', 15);
|
||||
add_action('wp_trash_post', 'wpgancio_delete_post', 15);
|
||||
|
||||
function delete_post ($post_id) {
|
||||
function wpgancio_delete_post ($post_id) {
|
||||
$post = get_post($post_id);
|
||||
$instance_url = get_option('wpgancio_instance_url');
|
||||
|
||||
if ($post->post_type == 'event') {
|
||||
$gancio_id = get_post_meta($post_id, 'gancio_id', TRUE);
|
||||
$gancio_id = get_post_meta($post_id, 'wpgancio_gancio_id', TRUE);
|
||||
if ($gancio_id) {
|
||||
$body['id'] = $gancio_id;
|
||||
$http = _wp_http_get_object();
|
||||
$response = $http->request( "${instance_url}/api/event/${gancio_id}", array(
|
||||
'method' => 'DELETE',
|
||||
@@ -28,7 +27,7 @@ function wpgancio_save_event ($post_id) {
|
||||
$event = get_post( $post_id );
|
||||
|
||||
function tagName ($tag) {
|
||||
return $tag->name;
|
||||
return sanitize_title($tag->name);
|
||||
}
|
||||
|
||||
$tmp_tags = get_the_terms( $event, 'event-tag' );
|
||||
@@ -39,9 +38,9 @@ function wpgancio_save_event ($post_id) {
|
||||
return;
|
||||
}
|
||||
|
||||
$gancio_id = get_post_meta($post_id, 'gancio_id', TRUE);
|
||||
$gancio_id = get_post_meta($post_id, 'wpgancio_gancio_id', TRUE);
|
||||
|
||||
// image_path
|
||||
// when
|
||||
$date = eo_get_schedule_start( 'U', $post_id );
|
||||
|
||||
// get place details
|
||||
@@ -62,7 +61,7 @@ function wpgancio_save_event ($post_id) {
|
||||
// add image if specified
|
||||
$image_url = get_the_post_thumbnail_url($post_id);
|
||||
if ($image_url) {
|
||||
$body['image_url'] = $image_url;
|
||||
$body['image_url'] = esc_url($image_url);
|
||||
}
|
||||
|
||||
// update
|
||||
@@ -84,10 +83,10 @@ function wpgancio_save_event ($post_id) {
|
||||
}
|
||||
|
||||
if ( is_wp_error( $response ) ) {
|
||||
$error_message = $response->get_error_message();
|
||||
$error_message = esc_html($response->get_error_message());
|
||||
echo "<div class='error notice'><p>${error_message}</p></div>";
|
||||
return;
|
||||
}
|
||||
$data = json_decode(wp_remote_retrieve_body($response));
|
||||
update_post_meta($post_id, 'gancio_id', $data->id);
|
||||
update_post_meta($post_id, 'wpgancio_gancio_id', intval($data->id));
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ function wpgancio_update_options ($old_value, $instance_url) {
|
||||
$redirect_uri = get_site_url(null, '/wp-admin/options-general.php?page=wpgancio' );
|
||||
$query = join('&', array(
|
||||
'response_type=code',
|
||||
'redirect_uri=' . esc_html($redirect_uri),
|
||||
'redirect_uri=' . esc_url($redirect_uri),
|
||||
'scope=event:write',
|
||||
'client_id=' . get_option('wpgancio_client_id'),
|
||||
));
|
||||
@@ -53,8 +53,8 @@ function wpgancio_instance_url_validate ($instance_url) {
|
||||
$response->get_error_message());
|
||||
} else {
|
||||
$data = json_decode( wp_remote_retrieve_body($response), true);
|
||||
update_option('wpgancio_client_secret', $data['client_secret']);
|
||||
update_option('wpgancio_client_id', $data['client_id']);
|
||||
update_option('wpgancio_client_secret', sanitize_key($data['client_secret']));
|
||||
update_option('wpgancio_client_id', sanitize_key($data['client_id']));
|
||||
return $instance_url;
|
||||
}
|
||||
}
|
||||
@@ -88,7 +88,7 @@ function wpgancio_instance_url_cb( $args ) {
|
||||
name="wpgancio_instance_url">
|
||||
|
||||
<p class="description">
|
||||
<?php esc_html_e( 'Insert your gancio instance URL', 'wpgancio' ); ?>
|
||||
<?php esc_html( 'Insert your gancio instance URL', 'wpgancio' ); ?>
|
||||
</p>
|
||||
|
||||
<?php
|
||||
@@ -104,9 +104,7 @@ function wpgancio_options_page_html() {
|
||||
if ( ! current_user_can( 'manage_options' ) ) { return; }
|
||||
|
||||
// show error/update messages
|
||||
//settings_errors( 'wpgancio_messages' );
|
||||
|
||||
$code = $_GET['code'];
|
||||
$code = sanitize_key($_GET['code']);
|
||||
if ( $code ) {
|
||||
update_option('wpgancio_code', $code);
|
||||
$instance_url = get_option( 'wpgancio_instance_url' );
|
||||
@@ -127,8 +125,8 @@ function wpgancio_options_page_html() {
|
||||
settings_errors( 'wpgancio_messages' );
|
||||
} else {
|
||||
$data = json_decode( wp_remote_retrieve_body($response), true);
|
||||
update_option('wpgancio_token', $data['access_token']);
|
||||
update_option('wpgancio_refresh', $data['refresh_token']);
|
||||
update_option('wpgancio_token', sanitize_key($data['access_token']));
|
||||
update_option('wpgancio_refresh', sanitize_key($data['refresh_token']));
|
||||
add_settings_error('wpgancio_messages', 'wpgancio_messages', 'Association completed!', 'success');
|
||||
settings_errors( 'wpgancio_messages' );
|
||||
}
|
||||
@@ -141,11 +139,14 @@ function wpgancio_options_page_html() {
|
||||
<h1><?php echo esc_html( get_admin_page_title() ); ?></h1>
|
||||
<form action="options.php" method="post">
|
||||
<?php
|
||||
|
||||
// output security fields for the registered setting "wpgancio"
|
||||
settings_fields( 'wpgancio' );
|
||||
|
||||
// output setting sections and their fields
|
||||
// (sections are registered for "wpgancio", each field is registered to a specific section)
|
||||
do_settings_sections( 'wpgancio' );
|
||||
|
||||
// output save settings button
|
||||
submit_button( 'Save Settings' );
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user