Merge branch 'feature/sanitization' into 'master'

Added sanitization on posted AJAX data See merge request !17

Merge branch 'feature/sanitization' into 'master'
Added sanitization on posted AJAX data See merge request !17
bd062f56 · Grzegorz Rola · fe4d0a5f · be594106 · bd062f56 · bd062f56
Commit bd062f56 authored 5 years ago by Grzegorz Rola
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
 variables:
  DISABLE_FUNCTIONAL: 1
  DISABLE_ACCEPTANCE: 1
+  DISABLE_CODECEPTION: 1
  IS_LIBRARY: 1

 include: 'https://gitlab.com/wpdesk/gitlab-ci/raw/master/gitlab-ci-1.2.yml'

--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+## [3.1.2] - 2020-03-05
+### Added
+- sanitization on posted AJAX data
+
 ## [3.1.1] - 2019-07-30
 ### Fixed
 - Security for templates as side effect is generated there. Also required for prefixer compatibility

--- a/src/WPDesk/Notice/AjaxHandler.php
+++ b/src/WPDesk/Notice/AjaxHandler.php
@@ -82,10 +82,10 @@ class AjaxHandler implements HookablePluginDependant
    public function processAjaxNoticeDismiss()
    {
        if (isset($_POST[self::POST_FIELD_NOTICE_NAME])) {
-            $noticeName = $_POST[self::POST_FIELD_NOTICE_NAME];
+            $noticeName = sanitize_text_field($_POST[self::POST_FIELD_NOTICE_NAME]);

            if (isset($_POST[self::POST_FIELD_SOURCE])) {
-                $source = $_POST[ self::POST_FIELD_SOURCE ];
+                $source = sanitize_text_field($_POST[ self::POST_FIELD_SOURCE ]);
            } else {
                $source = null;
            }