Added sanitization on posted AJAX data

ce467447 · Grzegorz Rola · fe4d0a5f · ce467447 · ce467447
Commit ce467447 authored 5 years ago by Grzegorz Rola
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+## [3.1.2] - 2020-03-05
+### Added
+- sanitization on posted AJAX data
+
 ## [3.1.1] - 2019-07-30
 ### Fixed
 - Security for templates as side effect is generated there. Also required for prefixer compatibility

--- a/src/WPDesk/Notice/AjaxHandler.php
+++ b/src/WPDesk/Notice/AjaxHandler.php
@@ -82,10 +82,10 @@ class AjaxHandler implements HookablePluginDependant
    public function processAjaxNoticeDismiss()
    {
        if (isset($_POST[self::POST_FIELD_NOTICE_NAME])) {
-            $noticeName = $_POST[self::POST_FIELD_NOTICE_NAME];
+            $noticeName = sanitize_text_field($_POST[self::POST_FIELD_NOTICE_NAME]);

            if (isset($_POST[self::POST_FIELD_SOURCE])) {
-                $source = $_POST[ self::POST_FIELD_SOURCE ];
+                $source = sanitize_text_field($_POST[ self::POST_FIELD_SOURCE ]);
            } else {
                $source = null;
            }