Add sanitization #16

sethshoultes · 2019-10-22T18:58:52Z

Adds sanitization throughout the plugin.

…qty field.

mnelson4

Had a few suggestions and questions. But ya, that's a whole lot code to review so good job IMO!

includes/admin-reports/edit_attendee_record.php

includes/event-management/insert_event.php

includes/event-management/update_event.php

sethshoultes

Added the suggested changes from @mnelson4

includes/admin-reports/edit_attendee_record.php

includes/admin-reports/enter_attendee_payments.php

includes/event-management/insert_event.php

includes/event-management/update_event.php

sethshoultes · 2019-10-23T21:37:51Z

@mnelson4 thanks! Yes, it a lot of code. I added all of your suggestions. It looks like @Pebblo has a question on one your suggestions here: #16 (comment)

mnelson4

These look good, but I did notice one typo

includes/admin-reports/enter_attendee_payments.php

…tespresso/event-espresso-legacy into BUG/fix-sanitization-issues

mnelson4

No must-haves, I did have some suggestions though

mnelson4 · 2019-12-05T18:27:36Z

includes/admin-files/staff-management/add_staff_to_db.php

+		$staff_meta['phone'] = sanitize_text_field($_REQUEST['phone']);
+		$staff_meta['twitter'] = sanitize_text_field($_REQUEST['twitter']);
+		$staff_meta['image'] = sanitize_text_field($_REQUEST['image']);
+		$staff_meta['website'] = sanitize_text_field($_REQUEST['website']);


is this a url? if so esc_url_raw() would be better

mnelson4 · 2019-12-05T18:28:13Z

includes/admin-files/staff-management/add_staff_to_db.php

-		$staff_meta['website'] = $_REQUEST['website'];
+		$staff_meta['phone'] = sanitize_text_field($_REQUEST['phone']);
+		$staff_meta['twitter'] = sanitize_text_field($_REQUEST['twitter']);
+		$staff_meta['image'] = sanitize_text_field($_REQUEST['image']);


is this a url too? if so esc_url_raw() would be better

mnelson4 · 2019-12-05T18:29:06Z

includes/admin-files/staff-management/update_staff.php

+	$staff_meta['image'] = sanitize_text_field($_REQUEST['image']);
+	$staff_meta['website'] = sanitize_text_field($_REQUEST['website']);


could use esc_url_raw() again

includes/form-builder/groups/index.php

includes/form-builder/index.php

includes/functions/export.php

…tespresso/event-espresso-legacy into BUG/fix-sanitization-issues

mnelson4

Josh pointed out a significant issue that needs addressing (I basically missed it)

mnelson4

Ah I see that issue has since been addressed!

sethshoultes added 5 commits October 22, 2019 12:57

Add sanitization to the $catid vars

5ae0ef7

Sanitizing the POST and REQUEST fields

46de0b0

Sanitize post and request fields

3b944de

Add sanitization to request and post fields. Fixed a bug in the time_…

45268d2

…qty field.

Sanitize request and post fields

51024e9

sethshoultes requested a review from mnelson4 October 23, 2019 13:38

What’s the best method to sanitize here?

9ad3ede

sethshoultes assigned sethshoultes, joshfeck and Pebblo Oct 23, 2019

Remove sanitization where not needed.

0b85634

mnelson4 suggested changes Oct 23, 2019

View reviewed changes

joshfeck and others added 3 commits October 23, 2019 14:19

add validation and sanitize query for updating question groups

f9bdb0d

Merge branch 'master' into BUG/fix-sanitization-issues

5fd6c58

Adding sugested fixes from @mnelson

f86e5b7

sethshoultes commented Oct 23, 2019

View reviewed changes

Adding prepare to the queries

4cbc22f

validate question group ID and add prepare statements to queries

758c7f7

mnelson4 suggested changes Oct 24, 2019

View reviewed changes

includes/admin-reports/enter_attendee_payments.php Outdated Show resolved Hide resolved

sethshoultes added 3 commits October 24, 2019 05:49

Fix typo

242b246

Merge branch 'BUG/fix-sanitization-issues' of https://github.com/even…

590d530

…tespresso/event-espresso-legacy into BUG/fix-sanitization-issues

Added sanitization to the PayPal settings

3df7f7c

sethshoultes requested a review from mnelson4 November 4, 2019 21:10

sethshoultes and others added 6 commits November 4, 2019 14:37

Update the query to use prepare

32c1a56

Sanitize PayPal settings before saving.

42514f3

Sanitize ueip_optin.

f04f289

Sanitize input fields when creating a coupon;

96e0612

Sanitize the discount_id field passed in the request and use prepare();

ab895f0

Sanitize input fields when updating a coupon;

bdc653e

joshfeck added 2 commits November 14, 2019 16:55

Merge branch 'refs/heads/master' into BUG/fix-sanitization-issues

3e8b6cc

more sanitizing and validating

19e9967

joshfeck modified the milestones: 3.1.37.16, 3.1.37.17 Nov 15, 2019

joshfeck modified the milestones: 3.1.37.17, 3.1.37.18 Nov 29, 2019

joshfeck and others added 13 commits November 29, 2019 14:05

Merge branch 'refs/heads/master' into BUG/fix-sanitization-issues

524483e

validate questions/groups re-ordering values

e1de722

add some more validation when updating categories

d59e273

fix recurring events

625f133

validate ID

e25e5f6

validate IDs and sanitize text fields

91a02c9

Merge branch 'master' into BUG/fix-sanitization-issues

dbda591

fix discount query (per Mike's review)

c452f46

fix events admin query (per Mike's review)

a8e7045

fix events query (per Mike's review)

c357471

Add sanitization to text fields

c96e9ee

Add sanitization

510ed5d

Add sanitization

b3ca570

sethshoultes requested a review from mnelson4 December 5, 2019 17:54

mnelson4 approved these changes Dec 5, 2019

View reviewed changes

joshfeck and others added 4 commits December 5, 2019 17:38

prepare query

2e8f036

validate category ID

73f49c1

Using esc_url_raw for URL sanitization

97f66c9

Merge branch 'BUG/fix-sanitization-issues' of https://github.com/even…

c0b2835

…tespresso/event-espresso-legacy into BUG/fix-sanitization-issues

mnelson4 suggested changes Dec 5, 2019

View reviewed changes

mnelson4 approved these changes Dec 6, 2019

View reviewed changes

fix settings current time display

8617b08

Pebblo modified the milestones: 3.1.37.18, 3.1.37.19.p Apr 29, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add sanitization #16

Add sanitization #16

sethshoultes commented Oct 22, 2019

mnelson4 left a comment

sethshoultes left a comment

sethshoultes commented Oct 23, 2019

mnelson4 left a comment

mnelson4 left a comment

mnelson4 Dec 5, 2019

mnelson4 Dec 5, 2019

mnelson4 Dec 5, 2019

mnelson4 left a comment

mnelson4 left a comment

		$staff_meta['image'] = sanitize_text_field($_REQUEST['image']);
		$staff_meta['website'] = sanitize_text_field($_REQUEST['website']);

Add sanitization #16

Are you sure you want to change the base?

Add sanitization #16

Conversation

sethshoultes commented Oct 22, 2019

mnelson4 left a comment

Choose a reason for hiding this comment

sethshoultes left a comment

Choose a reason for hiding this comment

sethshoultes commented Oct 23, 2019

mnelson4 left a comment

Choose a reason for hiding this comment

mnelson4 left a comment

Choose a reason for hiding this comment

mnelson4 Dec 5, 2019

Choose a reason for hiding this comment

mnelson4 Dec 5, 2019

Choose a reason for hiding this comment

mnelson4 Dec 5, 2019

Choose a reason for hiding this comment

mnelson4 left a comment

Choose a reason for hiding this comment

mnelson4 left a comment

Choose a reason for hiding this comment