authoryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-28 20:15:29 +0000
committeryehudah <yehudah@b8457f37-d9ea-0310-8a92-e5e31aec5664>2019-08-28 20:15:29 +0000
commit5f134fb5839bf3e161385727c2a2009b54444878 (patch)
treec504f5ec5158704dbfd96f74d8675ab228f0070a /Postman/PostmanInputSanitizer.php
parent6372e454198ed7a1a792b5bfd286af1178ae7d63 (diff)
downloadPost-SMTP-5f134fb5839bf3e161385727c2a2009b54444878.zip
security + export csv
Diffstat (limited to 'Postman/PostmanInputSanitizer.php')
-rw-r--r--Postman/PostmanInputSanitizer.php8
1 files changed, 5 insertions, 3 deletions
diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php
index 1b73378..75a0041 100644
--- a/Postman/PostmanInputSanitizer.php
+++ b/Postman/PostmanInputSanitizer.php
@@ -121,7 +121,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
public function sanitizeString( $desc, $key, $input, &$new_input ) {
if ( isset( $input [ $key ] ) ) {
$this->logSanitize( $desc, $input [ $key ] );
- $new_input [ $key ] = trim( $input [ $key ] );
+ $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) );
}
}
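Review bot: In `sanitizeString` the new line still calls `trim()` on `$input [ $key ]` before any type check, so an array-valued field raises a warning or a TypeError before the sanitizer runs. `sanitize_text_field()` already strips surrounding whitespace and, in current WordPress, returns an empty string for arrays and objects, so the inner `trim()` can be dropped: `$new_input [ $key ] = sanitize_text_field( $input [ $key ] );`. The `logSanitize()` call one line above is still handed the raw, unsanitized value; if that helper writes it to the log verbatim (its body is outside the hunk), it should receive the sanitized value instead.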
@@ -149,7 +149,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
$new_input [ $key ] = $existingPassword;
} else {
// otherwise the password is new, so trim it
- $new_input [ $key ] = trim( $input [ $key ] );
+ $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) );
}
// log it
$this->logSanitize( $desc, $new_input [ $key ] );
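Review bot: Running `sanitize_text_field()` over a new password silently changes it. The function strips anything that looks like an HTML tag, removes percent-encoded octets such as `%41` and collapses internal whitespace, so a valid SMTP password containing `<`, `%` followed by hex digits, or a double space is stored as a different string and authentication then fails. A password is a secret, not markup; it should be stored as entered and escaped where it is printed (for example with `esc_attr()` in the settings form), so the line is better kept as `$new_input [ $key ] = trim( $input [ $key ] );` with a comment such as `// secrets are stored verbatim; escape on output instead`. The `logSanitize( $desc, $new_input [ $key ] )` call just below receives the password itself, and unless that helper masks the value (not visible here) the credential ends up in the log. The enclosing method starts and ends outside the hunk.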
@@ -158,6 +158,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
}
$this->logger->debug( sprintf( 'Encoding %s as %s', $desc, $new_input [ $key ] ) );
}
+
private function sanitizeLogMax( $desc, $key, $input, &$new_input ) {
if ( isset( $input [ $key ] ) ) {
$value = absint( $input [ $key ] );
@@ -167,10 +168,11 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
$h->addError( sprintf( '%s %s', __( 'Maximum Log Entries', 'post-smtp' ), __( 'must be greater than 0', 'post-smtp' ) ) );
} else {
$this->logSanitize( $desc, $input [ $key ] );
- $new_input [ $key ] = $value;
+ $new_input [ $key ] = absint($value);
}
}
}
+
private function sanitizeInt( $desc, $key, $input, &$new_input ) {
if ( isset( $input [ $key ] ) ) {
$this->logSanitize( $desc, $input [ $key ] );
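Review bot: The added `absint($value)` is a no-op, because `$value` is already assigned from `absint( $input [ $key ] )` at the top of `sanitizeLogMax`. It adds no validation and breaks the file's spacing convention inside parentheses. Keeping `$new_input [ $key ] = $value;` with a comment such as `// $value was normalised by absint() above` states the intent more clearly. The `logSanitize()` call on the line before is still handed the raw `$input [ $key ]` rather than `$value`, so whatever it records is the unvalidated input. The lines between this hunk and the previous one are not shown, so the exact lower-bound check is inferred from the error message.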