Closed david-binda closed 7 years ago
The code in FOCUS_Cache::render_admin_page is double sanitising the $action variable via sanitize_text_field.
FOCUS_Cache::render_admin_page
$action
sanitize_text_field
First in https://github.com/emrikol/FOCUS/blob/master/focus-cache.php#L126 and for second time in https://github.com/emrikol/FOCUS/blob/master/focus-cache.php#L130
It's really needed only once.
Further, the double wp_unslash call may actually introduce some unwanted bugs. Eg.:
wp_unslash
wp> addslashes( "O\'Reilly" ); string(11) "O\\\'Reilly" wp> wp_unslash( "O\\\'Reilly" ); string(9) "O\'Reilly" wp> wp_unslash( "O\'Reilly" ); string(8) "O'Reilly"
Hopefully fixed by #6 :)
emrikol
commented
7 years ago emrikol
commented
7 years ago
The code in
FOCUS_Cache::render_admin_pageis double sanitising the$actionvariable viasanitize_text_field.First in https://github.com/emrikol/FOCUS/blob/master/focus-cache.php#L126 and for second time in https://github.com/emrikol/FOCUS/blob/master/focus-cache.php#L130
It's really needed only once.
Further, the double
wp_unslashcall may actually introduce some unwanted bugs. Eg.: