fix: FILTER_SANITIZE_STRING deprecation #186

Open
wants to merge 3 commits into
base: master
15 changes: 8 additions & 7 deletions admin/class-h5p-content-admin.php
@@ -17,6 +17,7 @@
*/
class H5PContentAdmin {

use H5PUtils;
/**
* @since 1.1.0
*/
@@ -64,7 +65,7 @@ public function __construct($plugin_slug) {
* @return string
*/
public function alter_title($page, $admin_title, $title) {
$task = filter_input(INPUT_GET, 'task', FILTER_SANITIZE_STRING);
$task = $this->sanitize_input('task');
$id = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);

// Find content title
@@ -176,7 +177,7 @@ private function current_user_can_view_content_results($content) {
* @since 1.1.0
*/
public function display_contents_page() {
switch (filter_input(INPUT_GET, 'task', FILTER_SANITIZE_STRING)) {
switch ($this->sanitize_input('task')) {
case NULL:
include_once('views/contents.php');

@@ -1087,7 +1088,7 @@ public function ajax_libraries() {
$editor = $this->get_h5peditor_instance();

// Get input
$name = filter_input(INPUT_GET, 'machineName', FILTER_SANITIZE_STRING);
$name = $this->sanitize_input('machineName');
$major_version = filter_input(INPUT_GET, 'majorVersion', FILTER_SANITIZE_NUMBER_INT);
$minor_version = filter_input(INPUT_GET, 'minorVersion', FILTER_SANITIZE_NUMBER_INT);

@@ -1117,7 +1118,7 @@ public function ajax_libraries() {
* Get content type cache
*/
public function ajax_content_type_cache() {
$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING);
$token = $this->sanitize_input('token');

$editor = $this->get_h5peditor_instance();
$editor->ajax->action(H5PEditorEndpoints::CONTENT_TYPE_CACHE, $token);
@@ -1128,7 +1129,7 @@ public function ajax_content_type_cache() {
* Get translations
*/
public function ajax_translations() {
$language = filter_input(INPUT_GET, 'language', FILTER_SANITIZE_STRING);
$language = $this->sanitize_input('language');

$editor = $this->get_h5peditor_instance();
$editor->ajax->action(H5PEditorEndpoints::TRANSLATIONS, $language);
@@ -1141,7 +1142,7 @@ public function ajax_translations() {
* @since 1.1.0
*/
public function ajax_files() {
$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING);
$token = $this->sanitize_input('token');
$contentId = filter_input(INPUT_POST, 'contentId', FILTER_SANITIZE_NUMBER_INT);

$editor = $this->get_h5peditor_instance();
@@ -1176,7 +1177,7 @@ public function ajax_content_results() {
* @since 1.14.0
*/
public function ajax_filter() {
$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING);
$token = $this->sanitize_input('token');
$libraryParameters = filter_input(INPUT_POST, 'libraryParameters');

$editor = $this->get_h5peditor_instance();
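Review bot: In `display_contents_page()` the `case NULL:` branch now depends on loose comparison, because `sanitize_input()` is declared to return `string` and yields `''` when `task` is absent, where `filter_input()` used to return `null`. `switch` compares with `==`, so the default view is still selected today, but a later move to strict comparison would stop requests without `task` from reaching that branch. Matching the helper's contract explicitly with `case '':` keeps the dispatch on this request parameter unambiguous; `display_libraries_page()` in admin/class-h5p-library-admin.php carries the same `case NULL:`. Both function bodies continue outside the hunks shown.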
5 changes: 3 additions & 2 deletions admin/class-h5p-library-admin.php
@@ -17,6 +17,7 @@
*/
class H5PLibraryAdmin {

use H5PUtils;
/**
* @since 1.1.0
*/
@@ -49,7 +50,7 @@ public function __construct($plugin_slug) {
* @return string
*/
public function alter_title($page, $admin_title, $title) {
$task = filter_input(INPUT_GET, 'task', FILTER_SANITIZE_STRING);
$task = $this->sanitize_input('task');

// Find library title
$show = ($task === 'show');
@@ -111,7 +112,7 @@ private function get_library($id = NULL) {
* @since 1.1.0
*/
public function display_libraries_page() {
switch (filter_input(INPUT_GET, 'task', FILTER_SANITIZE_STRING)) {
switch ($this->sanitize_input('task')) {
case NULL:
$this->display_libraries();
return;
3 changes: 2 additions & 1 deletion admin/class-h5p-plugin-admin.php
@@ -550,7 +550,8 @@ public function display_settings_page() {
* @return string
*/
public function alter_title($admin_title, $title) {
$page = filter_input(INPUT_GET, 'page', FILTER_SANITIZE_STRING);
$page = filter_input(INPUT_GET, 'page');
$page = htmlspecialchars($page ?? '', ENT_QUOTES, 'UTF-8');

switch ($page) {
case 'h5p':
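Review bot: `alter_title()` repeats the read-then-`htmlspecialchars()` pair inline instead of going through the `sanitize_input()` helper this pull request adds, so the two copies of the policy can drift apart. In the visible lines `$page` is only compared against string literals in the `switch` (`case 'h5p':`), where HTML-encoding adds nothing; whether it is printed further down cannot be seen, because the function body continues outside the hunk. If this class can use the trait, `$page = $this->sanitize_input('page');` would keep a single definition; otherwise a comment such as `// Only compared against known page slugs below; escape at output if this is ever printed.` would record the intent.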
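--- a/admin/class-h5p-utils.php
+++ b/admin/class-h5p-utils.php
@@ -0,0 +1,14 @@
+<?php
+trait H5PUtils {
+/**
+* Filters and sanitizes input, replacing FILTER_SANITIZE_STRING.
+*
+* @param string $var_name Name of the variable to sanitize.
+* @return string Sanitized value.
+*/
+public function sanitize_input($var_name): string
+{
+$var_name = filter_input(INPUT_GET, $var_name);
+return htmlspecialchars($var_name ?? '', ENT_QUOTES, 'UTF-8');
+}
+}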
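Review bot: `sanitize_input()` applies `htmlspecialchars()` when the value is read, which is output encoding rather than input sanitising: unlike `FILTER_SANITIZE_STRING` it keeps tag text and rewrites `&`, `<` and `>`, so the tokens, machine names and language codes handed to the editor backend arrive HTML-encoded and risk double-encoding if they are escaped again on output. `filter_input()` also returns `false` (not `null`) when the parameter is sent as an array, which the `?? ''` fallback does not cover and which only becomes `''` through implicit coercion. I would read into a separate variable and guard the type, `$value = filter_input(INPUT_GET, $var_name);` then `return is_string($value) ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : '';`, and validate identifiers such as the token against their expected character set at the call site. The method is also `public`, so every class using the trait gains it as public API; `protected` looks sufficient for the callers in this pull request.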
3 changes: 2 additions & 1 deletion autoloader.php
@@ -41,7 +41,8 @@ function h5p_autoloader($class) {
'H5PLibraryAdmin' => 'admin/class-h5p-library-admin.php',
'H5PEditorWordPressStorage' => 'admin/class-h5p-editor-wordpress-storage.php',
'H5PEditorWordPressAjax' => 'admin/class-h5p-editor-wordpress-ajax.php',
'H5PPrivacyPolicy' => 'admin/class-h5p-privacy-policy.php'
'H5PPrivacyPolicy' => 'admin/class-h5p-privacy-policy.php',
'H5PUtils' => 'admin/class-h5p-utils.php',
);
}
