hlashbrooke / WordPress-Plugin-Template

A robust code template for creating a standards-compliant WordPress plugin.
https://hughlashbrooke.com/
GNU General Public License v2.0

Sanitize tabs #81

Open seezee opened 5 years ago

seezee commented 5 years ago

In order to pass PHPCS, I've changed the following lines in Class _Settings:

334:    $current_section = $_POST['tab'];
    $current_section = sanitize_text_field( wp_unslash( $_POST['tab'] ) );
337:    $current_section = $_GET['tab'];
    $current_section = sanitize_text_field( wp_unslash( $_GET['tab'] ) );
409:    $tab .= $_GET['tab'];
    $tab .= sanitize_text_field( wp_unslash( $_GET['tab'] ) );

These fields should never contain HTML anyway so this seems a good way to handle this unless there's some edge case I haven't thought of.

I would open a pull request, but I'm still learning how to use version control and haven't figured out how to do that yet :-(
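The change above cleans the raw `tab` value but does not check that it names a tab the settings page actually knows about. The following is an added example (not code from the plugin template or from this thread) that applies the same `sanitize_text_field( wp_unslash( ... ) )` step and then validates the result against the registered tab keys, falling back to the first tab. The function name `wpt_current_settings_tab`, the `$settings` array keyed by tab slug, and the sample tab slugs `standard` and `extra` are assumptions for illustration; the `wp_unslash` / `sanitize_text_field` fallbacks are simplified stand-ins so the file runs outside WordPress and are skipped when the real functions are loaded.

```php
<?php
// Added example, not part of the WordPress-Plugin-Template repository.
// Minimal stand-ins so this file can run outside WordPress. Inside WordPress
// the real functions already exist and these definitions are skipped.
// (Approximation only: the real sanitize_text_field() also strips percent-encoded octets.)
if ( ! function_exists( 'wp_unslash' ) ) {
	function wp_unslash( $value ) {
		return is_string( $value ) ? stripslashes( $value ) : $value;
	}
}
if ( ! function_exists( 'sanitize_text_field' ) ) {
	function sanitize_text_field( $str ) {
		$str = strip_tags( (string) $str );                    // drop HTML tags
		$str = preg_replace( '/[\r\n\t ]+/', ' ', $str );      // collapse line breaks and runs of whitespace
		$str = preg_replace( '/[\x00-\x1F\x7F]/', '', $str );  // remove remaining control characters
		return trim( $str );
	}
}

/**
 * Resolve which settings tab to display (hypothetical helper, assumed names).
 *
 * @param array $post     Contents of $_POST, passed in so the function is testable.
 * @param array $get      Contents of $_GET.
 * @param array $settings Registered settings sections keyed by tab slug (the template's $this->settings).
 * @return string A key of $settings; the first key when the request carries nothing usable.
 */
function wpt_current_settings_tab( array $post, array $get, array $settings ) {
	// POST takes priority over GET, matching the order in the template's settings class.
	$raw = '';
	if ( isset( $post['tab'] ) && is_string( $post['tab'] ) ) {
		$raw = $post['tab'];
	} elseif ( isset( $get['tab'] ) && is_string( $get['tab'] ) ) {
		$raw = $get['tab'];
	}

	// Step 1: the fix proposed in the issue. Undo WordPress's request slashing,
	// then strip tags, control characters and surrounding whitespace.
	$tab = sanitize_text_field( wp_unslash( $raw ) );

	// Step 2 (added here): sanitizing only cleans the string; it does not prove the
	// tab exists. Anything not registered falls back to the first tab, so an
	// arbitrary slug is never echoed back into the tab URL or the page markup.
	if ( '' === $tab || ! array_key_exists( $tab, $settings ) ) {
		$keys = array_keys( $settings );
		return (string) reset( $keys );
	}
	return $tab;
}

// Constructed sample requests (not real traffic) against two assumed tab slugs.
$settings = array(
	'standard' => array(),
	'extra'    => array(),
);
$cases = array(
	'valid GET tab'        => array( array(), array( 'tab' => 'extra' ) ),
	'POST wins over GET'   => array( array( 'tab' => 'standard' ), array( 'tab' => 'extra' ) ),
	'markup stripped'      => array( array(), array( 'tab' => 'extra<b>' ) ),
	'slashed input'        => array( array(), array( 'tab' => 'ex\\tra' ) ),
	'unknown tab'          => array( array(), array( 'tab' => 'nonexistent' ) ),
	'array instead of str' => array( array(), array( 'tab' => array( 'x' ) ) ),
	'no tab at all'        => array( array(), array() ),
);
foreach ( $cases as $label => $request ) {
	printf( "%-22s -> %s\n", $label, wpt_current_settings_tab( $request[0], $request[1], $settings ) );
}
```

The allow-list check is the part worth keeping even if the sanitizer changes: it turns "clean string" into "string we registered", which is what the rest of the settings page actually relies on when it uses the tab slug to build URLs and select sections.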

jonathanbossenger commented 5 years ago

@seezee would you like me to record a screencast on how to create a PR? It might be a useful learning experience for you.

seezee commented 5 years ago

That would be awesome!

jonathanbossenger commented 5 years ago

https://youtu.be/6044wDAIejo