fix: Sanitize some parameters
zarei-dev committed Sep 20, 2022
1 parent 225a272 commit 4756b4d
Showing 3 changed files with 8 additions and 8 deletions.
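--- a/inc/Location.php
+++ b/inc/Location.php
@@ -5730,7 +5730,7 @@ public static function load_districts_callback() {
 die();
 }
 
-$city_id = absint( $_POST['city_id'] );
+$city_id = absint( sanitize_text_field($_POST['city_id']) );
 
 if ( ! $city_id ) {
 die();
@@ -5748,7 +5748,7 @@ public static function load_districts_callback() {
 
 $cities = apply_filters( 'pws_districts', $cities, $city_id );
 
-$type = isset( $_POST['type'] ) && $_POST['type'] == 'billing' ? 'billing' : 'shipping';
+$type = isset( $_POST['type'] ) && sanitize_text_field( $_POST['type'] ) == 'billing' ? 'billing' : 'shipping';
 
 $term_id = \WC()->session->get( $type . '_district', 0 );
 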
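Review bot: The `$type` check in the second hunk still compares with loose `==`; because the ternary already limits `$type` to the literals 'billing' and 'shipping', that allowlist is the real control over the session key built from it, and `=== 'billing'` would state it exactly. In the first hunk it is `absint()` that forces `city_id` to a non-negative integer, and `$_POST['city_id']` is read without a visible `isset()` test, so a request that omits it raises an undefined-index notice unless a check exists above the hunk. load_districts_callback starts and ends outside both hunks.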
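--- a/inc/MetaBox.php
+++ b/inc/MetaBox.php
@@ -9,7 +9,7 @@ class MetaBox {
 public function add_meta_boxes () {
 
 if ( get_post_type() == 'shop_order' && isset( $_GET[ 'post' ] ) ) {
-$order_id = $_GET[ 'post' ];
+$order_id = sanitize_text_field( $_GET[ 'post' ] );
 $order = \wc_get_order($order_id);
 
 if ( !$order->has_shipping_method('podro_method') ) {
@@ -43,7 +43,7 @@ public function has_podro_order( $order_id ) {
 
 public function pod_order_details () {
 $pod_order_id = get_post_meta( get_the_ID(), 'pod_order_id', true );
-$order_id = $_GET[ 'post' ];
+$order_id = sanitize_text_field($_GET[ 'post' ]);
 
 $response = (new Orders)->get_order( $pod_order_id );
 
@@ -112,7 +112,7 @@ public function pod_order_details () {
 }
 
 public function order_my_custom() {
-$order_id = $_GET[ 'post' ];
+$order_id = sanitize_text_field( $_GET[ 'post' ] );
 $order = \wc_get_order($order_id);
 
 $this->delivery_step_1( $order );
@@ -280,7 +280,7 @@ public function ajax_saving_options_step_2() {
 
 }
 
-$order_id = $_POST['order_id'];
+$order_id = sanitize_text_field($_POST['order_id']);
 $order = \wc_get_order($order_id);
 
 $store_state = $this->get_store_state();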
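Review bot: `sanitize_text_field()` does not make `$_GET['post']` or `$_POST['order_id']` a valid order ID; the value is handed to `wc_get_order()` in three of the four hunks, so an integer cast such as `$order_id = absint( $_GET['post'] );` is the fitting validation at all four sites. In add_meta_boxes the result is dereferenced at once (`$order->has_shipping_method('podro_method')`), and `wc_get_order()` returns false for an unknown ID, so a guard like `if ( ! $order ) { return; }` belongs before that call. For ajax_saving_options_step_2 the hunk shows no nonce or capability check before the order named by the request is loaded; if none exists above the hunk, `check_ajax_referer()` and a `current_user_can()` test should be added there. All four functions continue outside their hunks.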
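--- a/inc/Podro_Order_Table.php
+++ b/inc/Podro_Order_Table.php
@@ -183,13 +183,13 @@ private function sort_data( $a, $b )
 // If orderby is set, use this as the sort column
 if(!empty($_GET['orderby']))
 {
-$orderby = $_GET['orderby'];
+$orderby = sanitize_text_field($_GET['orderby']);
 }
 
 // If order is set use this as the order
 if(!empty($_GET['order']))
 {
-$order = $_GET['order'];
+$order = sanitize_text_field($_GET['order']);
 }
 
 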
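Review bot: `sanitize_text_field()` strips tags and control characters but still lets any string through as `$orderby` and `$order`; since the comments say these pick the sort column and direction, an allowlist is the right check, e.g. `if ( ! in_array( $orderby, $sortable_columns, true ) ) { $orderby = $default_column; }` (both variable names are placeholders for values the hunk does not show) and `$order = ( 'desc' === $_GET['order'] ) ? 'desc' : 'asc';`. How the two values are used lies below the hunk, so the effect of an unexpected column name there is unverified. sort_data starts and ends outside the hunk.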
