Closed ideadude closed 2 years ago
The .org plugin review team caught some sanitizing and escaping issues for us to address.
From their review:
restrict-with-stripe/adminpages/settings.php:105: 'id' => $_REQUEST['stripe_user_id'], restrict-with-stripe/adminpages/settings.php:64: $error = $_REQUEST['error_message']; restrict-with-stripe/adminpages/terms.php:23: echo esc_html( __( 'Error getting products.', 'restrict-with-stripe' ) . ' ' . $products );
We fixed these lines and scanned our files for other related issues.
There was also this suggestion:
restrict-with-stripe/adminpages/terms.php:154: $product_ids = isset( $_POST[ $meta_key ] ) ? $_POST[ $meta_key ] : array();
We added a comment to clarify that since we're getting an array of ids from $_POST, we sanitizing this with the array_map and sanitize_text_field functions on the next line.
The .org plugin review team caught some sanitizing and escaping issues for us to address.
From their review:
We fixed these lines and scanned our files for other related issues.
There was also this suggestion:
We added a comment to clarify that since we're getting an array of ids from $_POST, we sanitizing this with the array_map and sanitize_text_field functions on the next line.