commit by denisbaranov:

- fixed conditional logic in form;
- fixed prohibition on editing a field (Form->field->Can user edit this field?);
- fixed cleaning on XSS injection;
- fixed addition "wp_unslash" and "esc_attr" in the "Admin_Forms" class method "render_form_row";
This commit is contained in:
nikitozzzzzzz
2017-10-03 16:29:04 +03:00
parent 63a5c9dcb4
commit a714be2d5c
7 changed files with 3520 additions and 3272 deletions
File diff suppressed because it is too large Load Diff
File diff suppressed because it is too large Load Diff
+23
View File
@@ -458,4 +458,27 @@
}
/**
* Cleaning on XSS injection
* @param $value string
* @param $data array
* @return $value string
* @uses hook filters: um_profile_field_filter_hook__
*/
add_filter('um_profile_field_filter_hook__','um_profile_field_filter_xss_validation',10,2);
function um_profile_field_filter__xss_validation( $value, $data ){
if( ! empty( $value ) && is_string($value)){
$value = stripslashes( $value );
$data['validate'] = isset( $data['validate'] ) ? $data['validate'] : '';
if( 'text' == $data['type'] && !in_array( $data['validate'], array( 'unique_email' ) ) ||
'password' == $data['type'] ){
$value = esc_attr( $value );
}else if ( 'textarea' == $data['type'] ){
$value = wp_kses_post( $value );
}
}
return $value;
}