[Show Related Posts] Incorrect Sanitization in post-types-admin.php

[Vrishabhsk]

Describe the bug The function radio_station_post_save_data that is hooked to the action save_post uses the wrong sanitization function to sanitize the value for $_POST[ post_showblog_id ] ( uses sanitize_text_field instead of a array_map or map_deep function ). Due to this, the array passed in $_POST[ post_showblog_id ] is converted to empty string and the meta value is not stored for the post.

To Reproduce Steps to reproduce the behavior:

1. Go to any post
2. Select any shows that have been created
3. Save the post and reload
4. The selected items are no longer shown as selected and also the post meta does not contain the post_showblog_id key

Expected behavior If correct sanitization was used as mentioned above the post meta would be saved and shown in the DB. Also when the post is reloaded the selected shows in the Inspector Controls will be shown

Additional context

• Support Ticket
• File to be edited : includes/post-types-admin.php#L6481

[tonyzeoli]

@Vrishabhsk I've assigned this to @majick777 for pickup. He'll take a look at this and we'll get a fix out shortly.

[majick777]

@Vrishabhsk Thanks for reporting, this fix is available in the development version for download: https://github.com/netmix/radio-station/tree/develop/ and will be included in the 2.5.8 release.