Merge pull request #722 from wp-media/fix/721-deprecated-filter

Fixes #721 Replace usage of `FILTER_SANITIZE_STRING`
wp-media · May 26, 2023 · c529cf9 · c529cf9
2 parents 46f9df2 + cc948af
commit c529cf9
Show file tree

Hide file tree

Showing 5 changed files with 107 additions and 204 deletions.
diff --git a/classes/Bulk/Bulk.php b/classes/Bulk/Bulk.php
@@ -413,13 +413,14 @@ public function can_optimize() {
 	 *
 	 * @since 1.9
 	 *
-	 * @param  string $method The method used: 'GET' (default), or 'POST'.
-	 * @param  string $parameter The name of the parameter to look for.
+	 * @param string $method The method used: 'GET' (default), or 'POST'.
+	 * @param string $parameter The name of the parameter to look for.
+	 *
 	 * @return string
 	 */
 	public function get_context( $method = 'GET', $parameter = 'context' ) {
-		$method  = 'POST' === $method ? INPUT_POST : INPUT_GET;
-		$context = filter_input( $method, $parameter, FILTER_SANITIZE_STRING );
+		$context = 'POST' === $method ? wp_unslash( $_POST[ $parameter ] ) : wp_unslash( $_GET[ $parameter ] ); //phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
+		$context = htmlspecialchars( $context );
 
 		return imagify_sanitize_context( $context );
 	}
@@ -557,7 +558,7 @@ public function bulk_info_seen_callback() {
 	public function bulk_get_stats_callback() {
 		imagify_check_nonce( 'imagify-bulk-optimize' );
 
-		$folder_types = filter_input( INPUT_GET, 'types', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+		$folder_types = filter_input( INPUT_GET, 'types', FILTER_REQUIRE_ARRAY );
 		$folder_types = is_array( $folder_types ) ? array_filter( $folder_types, 'is_string' ) : [];
 
 		if ( ! $folder_types ) {

diff --git a/inc/classes/class-imagify-admin-ajax-post.php b/inc/classes/class-imagify-admin-ajax-post.php
@@ -1148,7 +1148,7 @@ public function imagify_dismiss_ad_callback() {
 			imagify_die();
 		}
 
-		$notice = filter_input( INPUT_GET, 'ad', FILTER_SANITIZE_STRING );
+		$notice = htmlspecialchars( wp_unslash( $_GET['ad'] ) );
 
 		if ( ! $notice ) {
 			imagify_maybe_redirect();
@@ -1215,8 +1215,8 @@ public function get_optimization_level( $method = 'GET', $parameter = 'optimizat
 	 * @return string
 	 */
 	public function get_context( $method = 'GET', $parameter = 'context' ) {
-		$method  = 'POST' === $method ? INPUT_POST : INPUT_GET;
-		$context = filter_input( $method, $parameter, FILTER_SANITIZE_STRING );
+		$context = 'POST' === $method ? wp_unslash( $_POST[ $parameter ] ) : wp_unslash( $_GET[ $parameter ] ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
+		$context = htmlspecialchars( $context );
 
 		return imagify_sanitize_context( $context );
 	}
@@ -1246,28 +1246,30 @@ public function get_media_id( $method = 'GET', $parameter = 'attachment_id' ) {
 	 *
 	 * @since 1.9
 	 *
-	 * @param  string $method    The method used: 'GET' (default), or 'POST'.
-	 * @param  string $parameter The name of the parameter to look for.
+	 * @param string $method    The method used: 'GET' (default), or 'POST'.
+	 * @param string $parameter The name of the parameter to look for.
+	 *
 	 * @return string
 	 */
 	public function get_folder_type( $method = 'GET', $parameter = 'folder_type' ) {
-		$method = 'POST' === $method ? INPUT_POST : INPUT_GET;
+		$folder_type = 'POST' === $method ? wp_unslash( $_POST[ $parameter ] ) : wp_unslash( $_GET[ $parameter ] ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
 
-		return filter_input( $method, $parameter, FILTER_SANITIZE_STRING );
+		return htmlspecialchars( $folder_type );
 	}
 
 	/**
 	 * Get the submitted imagify action.
 	 *
 	 * @since 1.9
 	 *
-	 * @param  string $method    The method used: 'GET' (default), or 'POST'.
-	 * @param  string $parameter The name of the parameter to look for.
+	 * @param string $method    The method used: 'GET' (default), or 'POST'.
+	 * @param string $parameter The name of the parameter to look for.
+	 *
 	 * @return string
 	 */
 	public function get_imagify_action( $method = 'GET', $parameter = 'imagify_action' ) {
-		$method = 'POST' === $method ? INPUT_POST : INPUT_GET;
-		$action = filter_input( $method, $parameter, FILTER_SANITIZE_STRING );
+		$action = 'POST' === $method ? wp_unslash( $_POST[ $parameter ] ) : wp_unslash( $_GET[ $parameter ] ); // phpcs:ignore WordPress.Security.NonceVerification.Missing, WordPress.Security.NonceVerification.Recommended
+		$action = htmlspecialchars( $action );
 
 		return $action ? $action : 'optimize';
 	}