From 5f134fb5839bf3e161385727c2a2009b54444878 Mon Sep 17 00:00:00 2001
From: yehudah
Date: Wed, 28 Aug 2019 20:15:29 +0000
Subject: security + export csv
---
 Postman/PostmanInputSanitizer.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'Postman/PostmanInputSanitizer.php')
diff --git a/Postman/PostmanInputSanitizer.php b/Postman/PostmanInputSanitizer.php
index 1b73378..75a0041 100644
--- a/Postman/PostmanInputSanitizer.php
+++ b/Postman/PostmanInputSanitizer.php
@@ -121,7 +121,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
 public function sanitizeString( $desc, $key, $input, &$new_input ) {
 if ( isset( $input [ $key ] ) ) {
 $this->logSanitize( $desc, $input [ $key ] );
- $new_input [ $key ] = trim( $input [ $key ] );
+ $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) );
 }
 }
@@ -149,7 +149,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
 $new_input [ $key ] = $existingPassword;
 } else {
 // otherwise the password is new, so trim it
- $new_input [ $key ] = trim( $input [ $key ] );
+ $new_input [ $key ] = sanitize_text_field( trim( $input [ $key ] ) );
 }
 // log it
 $this->logSanitize( $desc, $new_input [ $key ] );
@@ -158,6 +158,7 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
 }
 $this->logger->debug( sprintf( 'Encoding %s as %s', $desc, $new_input [ $key ] ) );
 }
+
 private function sanitizeLogMax( $desc, $key, $input, &$new_input ) {
 if ( isset( $input [ $key ] ) ) {
 $value = absint( $input [ $key ] );
@@ -167,10 +168,11 @@ if ( ! class_exists( 'PostmanInputSanitizer' ) ) {
 $h->addError( sprintf( '%s %s', __( 'Maximum Log Entries', 'post-smtp' ), __( 'must be greater than 0', 'post-smtp' ) ) );
 } else {
 $this->logSanitize( $desc, $input [ $key ] );
- $new_input [ $key ] = $value;
+ $new_input [ $key ] = absint($value);
 }
 }
 }
+
 private function sanitizeInt( $desc, $key, $input, &$new_input ) {
 if ( isset( $input [ $key ] ) ) {
 $this->logSanitize( $desc, $input [ $key ] );
-- 
cgit v1.2.3
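Review bot: The inner `trim()` in sanitizeString still runs on the raw request value before any sanitising, and it is redundant because `sanitize_text_field()` already strips leading and trailing whitespace. If `$input [ $key ]` can arrive as an array (a form field submitted with `[]` in its name), `trim()` raises a warning on PHP 7 and a TypeError on PHP 8 before the sanitiser is reached; `$new_input [ $key ] = sanitize_text_field( $input [ $key ] );` avoids that, and an `is_scalar()` guard next to the `isset()` would make the intent explicit. The line above also hands the unsanitised value to `logSanitize()`, whose body is not visible here, so it is worth confirming that it neutralises control characters before writing to the log.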
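Review bot: Applying `sanitize_text_field()` to a new password in the else branch silently changes the secret rather than protecting it: the function strips tags, encodes or removes `<`, drops percent-encoded octets such as `%2F`, and collapses runs of whitespace, so a valid password containing any of these is stored as a different string and authentication later fails without an error. I would keep `$new_input [ $key ] = trim( $input [ $key ] );` for the stored value and escape only where it is rendered, e.g. `esc_attr()` in the settings form. The context lines that follow pass `$new_input [ $key ]` to `logSanitize()` and, in the next hunk, to `$this->logger->debug( sprintf( 'Encoding %s as %s', ... ) )`; neither helper is visible here, so confirm they mask the value rather than writing the password or its encoded form to the log. The enclosing function begins above this hunk.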
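Review bot: `absint($value)` in sanitizeLogMax is a no-op, because `$value` was already assigned `absint( $input [ $key ] )` at the top of the function (visible as context in the previous hunk), so the change adds no protection and obscures where the normalisation happens. I would keep `$new_input [ $key ] = $value;`, or at least match the file's spacing with `absint( $value )`. The call just before it still logs the raw `$input [ $key ]`; `$this->logSanitize( $desc, $value );` would keep unsanitised request data out of the log. The condition guarding the "must be greater than 0" error lies outside this hunk.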