- fixed cleaning on XSS injection for editing field "url"

This commit is contained in:
Denis Baranov
2018-03-14 10:01:13 +02:00
parent d9f5d2801a
commit a0756f3e1b
+19 -2
View File
@@ -477,7 +477,9 @@ function um_profile_field_filter_xss_validation( $value, $data, $type = '' ) {
if( 'text' == $type && ! in_array( $data['validate'], array( 'unique_email' ) ) || 'password' == $type ) {
$value = esc_attr( $value );
} elseif ( 'textarea' == $type ){
}elseif( $type == 'url' ) {
$value = esc_url( $value );
} elseif ( 'textarea' == $type ){
$value = wp_kses_post( $value );
}
}
@@ -506,4 +508,19 @@ add_filter( 'um_profile_field_filter_hook__','um_profile_field_filter_xss_valida
return $post_form;
}
add_filter( 'um_submit_form_data', 'um_submit_form_data_role_fields', 10, 2 );
add_filter( 'um_submit_form_data', 'um_submit_form_data_role_fields', 10, 2 );
/**
* Cleaning on XSS injection for url editing field
* @param $value string
* @param $key string
*
* @return string $value
* @uses hook filters: um_edit_url_field_value
*/
function um_edit_url_field_value( $value, $key ) {
$value = esc_attr($value);
return $value;
}
add_filter( 'um_edit_url_field_value', 'um_edit_url_field_value', 10, 2 );