scouting-nl / scouting-openid-connect

A WordPress plugin that allows Scouting Nederland members to authenticate and log in using their Scouting Nederland OpenID Connect credentials.
GNU General Public License v3.0

Sanitization for register_setting() #20

Open jobvk opened 1 week ago

jobvk commented 1 week ago

Fields registered through register_setting() should be sanitized properly.

https://developer.wordpress.org/reference/functions/register_setting/

Example(s) from your plugin:

src/settings/general.php:81 register_setting('scouting_oidc_settings_group', 'scouting_oidc_user_display_name');
src/settings/general.php:87 register_setting('scouting_oidc_settings_group', 'scouting_oidc_user_birthdate');
src/settings/general.php:93 register_setting('scouting_oidc_settings_group', 'scouting_oidc_user_gender');
src/settings/general.php:99 register_setting('scouting_oidc_settings_group', 'scouting_oidc_user_scouting_id');
src/settings/general.php:105 register_setting('scouting_oidc_settings_group', 'scouting_oidc_user_auto_create');
src/settings/general.php:111 register_setting('scouting_oidc_settings_group', 'scouting_oidc_user_name_prefix');
src/settings/general.php:117 register_setting('scouting_oidc_settings_group', 'scouting_oidc_login_redirect');

src/settings/oidc.php:45 register_setting('scouting_oidc_settings_group', 'scouting_oidc_client_id');
src/settings/oidc.php:51 register_setting('scouting_oidc_settings_group', 'scouting_oidc_client_secret');
src/settings/oidc.php:57 register_setting('scouting_oidc_settings_group', 'scouting_oidc_scopes');
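
One way to give four of the settings named in this issue explicit sanitizers, as an added example that is not the plugin's code or the reporter's. The value type assumed for each option (text, space-separated scope list, checkbox) and the `scouting_oidc_example_*` function names are hypothetical.

```php
<?php
// Added example, not the plugin's code. Option names are taken from the
// issue; the value type assumed for each option is an assumption.

// Hypothetical helper: keep only well-formed, unique OAuth scope tokens.
function scouting_oidc_example_sanitize_scopes( $value ) {
    // sanitize_text_field() returns '' for arrays/objects and strips tags.
    $tokens = preg_split( '/\s+/', sanitize_text_field( $value ), -1, PREG_SPLIT_NO_EMPTY );
    $tokens = array_filter( $tokens, function ( $token ) {
        // RFC 6749 scope-token: printable ASCII except space, '"' and '\'.
        return 1 === preg_match( '/\A[\x21\x23-\x5B\x5D-\x7E]+\z/', $token );
    } );
    return implode( ' ', array_unique( $tokens ) );
}

// Hypothetical helper: sanitize_text_field() strips percent-encoded octets
// and HTML tags, which could silently alter a secret, so this only trims
// and drops control characters.
function scouting_oidc_example_sanitize_secret( $value ) {
    if ( ! is_string( $value ) ) {
        return ''; // Reject arrays sent as client_secret[]=... in a crafted POST.
    }
    return trim( (string) preg_replace( '/[\x00-\x1F\x7F]/', '', $value ) );
}

function scouting_oidc_example_register_settings() {
    $group = 'scouting_oidc_settings_group';

    // Each entry: option name => array( type, sanitize_callback, default ).
    $settings = array(
        'scouting_oidc_client_id'        => array( 'string', 'sanitize_text_field', '' ),
        'scouting_oidc_client_secret'    => array( 'string', 'scouting_oidc_example_sanitize_secret', '' ),
        'scouting_oidc_scopes'           => array( 'string', 'scouting_oidc_example_sanitize_scopes', '' ),
        // Assumed to be a checkbox; an unchecked box arrives as null and becomes false.
        'scouting_oidc_user_auto_create' => array( 'boolean', 'rest_sanitize_boolean', false ),
    );

    foreach ( $settings as $option => $spec ) {
        register_setting( $group, $option, array(
            'type'              => $spec[0],
            'sanitize_callback' => $spec[1],
            'default'           => $spec[2],
        ) );
    }
}
add_action( 'admin_init', 'scouting_oidc_example_register_settings' );
```

The callbacks run whenever the option is saved, so values written to the database are normalized; output escaping when the settings page renders them is still a separate step.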