Skip to content

Commit d8d4875

Browse files
HardeepAsraniHardeepAsrani
authored
release: v1.2.3
- Improvement to sanitization.
2 parents 8949b49 + a61354f commit d8d4875

6 files changed

Lines changed: 137 additions & 95 deletions

File tree

composer.lock

Lines changed: 7 additions & 7 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

inc/API.php

Lines changed: 72 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -265,54 +265,88 @@ public function update_settings( $request ) {
265265
$validation = apply_filters(
266266
'hyve_settings_validation',
267267
[
268-
'api_key' => function ( $value ) {
269-
return is_string( $value );
270-
},
271-
'qdrant_api_key' => function ( $value ) {
272-
return is_string( $value );
273-
},
274-
'qdrant_endpoint' => function ( $value ) {
275-
return is_string( $value );
276-
},
277-
'chat_enabled' => function ( $value ) {
278-
return is_bool( $value );
279-
},
280-
'welcome_message' => function ( $value ) {
281-
return is_string( $value );
282-
},
283-
'default_message' => function ( $value ) {
284-
return is_string( $value );
285-
},
286-
'chat_model' => function ( $value ) {
287-
return is_string( $value );
288-
},
289-
'temperature' => function ( $value ) {
290-
return is_numeric( $value );
291-
},
292-
'top_p' => function ( $value ) {
293-
return is_numeric( $value );
294-
},
295-
'moderation_threshold' => function ( $value ) {
296-
return is_array( $value ) && array_reduce(
297-
$value,
298-
function ( $carry, $item ) {
299-
return $carry && is_int( $item );
300-
},
301-
true
302-
);
303-
},
268+
'api_key' => [
269+
'validate' => function ( $value ) {
270+
return is_string( $value );
271+
},
272+
'sanitize' => 'sanitize_text_field',
273+
],
274+
'qdrant_api_key' => [
275+
'validate' => function ( $value ) {
276+
return is_string( $value );
277+
},
278+
'sanitize' => 'sanitize_text_field',
279+
],
280+
'qdrant_endpoint' => [
281+
'validate' => function ( $value ) {
282+
return is_string( $value );
283+
},
284+
'sanitize' => 'sanitize_url',
285+
],
286+
'chat_enabled' => [
287+
'validate' => function ( $value ) {
288+
return is_bool( $value );
289+
},
290+
'sanitize' => 'rest_sanitize_boolean',
291+
],
292+
'welcome_message' => [
293+
'validate' => function ( $value ) {
294+
return is_string( $value );
295+
},
296+
'sanitize' => 'sanitize_text_field',
297+
],
298+
'default_message' => [
299+
'validate' => function ( $value ) {
300+
return is_string( $value );
301+
},
302+
'sanitize' => 'sanitize_text_field',
303+
],
304+
'chat_model' => [
305+
'validate' => function ( $value ) {
306+
return is_string( $value );
307+
},
308+
'sanitize' => 'sanitize_text_field',
309+
],
310+
'temperature' => [
311+
'validate' => function ( $value ) {
312+
return is_numeric( $value );
313+
},
314+
'sanitize' => 'floatval',
315+
],
316+
'top_p' => [
317+
'validate' => function ( $value ) {
318+
return is_numeric( $value );
319+
},
320+
'sanitize' => 'floatval',
321+
],
322+
'moderation_threshold' => [
323+
'validate' => function ( $value ) {
324+
return is_array( $value ) && array_reduce(
325+
$value,
326+
function ( $carry, $item ) {
327+
return $carry && is_int( $item );
328+
},
329+
true
330+
);
331+
},
332+
'sanitize' => function ( $value ) {
333+
return array_map( 'intval', $value );
334+
},
335+
],
304336
]
305337
);
306338

307339
foreach ( $updated as $key => $value ) {
308-
if ( ! $validation[ $key ]( $value ) ) {
340+
if ( ! $validation[ $key ]['validate']( $value ) ) {
309341
return rest_ensure_response(
310342
[
311343
// translators: %s: option key.
312344
'error' => sprintf( __( 'Invalid value: %s', 'hyve-lite' ), $key ),
313345
]
314346
);
315347
}
348+
349+
$updated[ $key ] = $validation[ $key ]['sanitize']( $value );
316350
}
317351

318352
foreach ( $updated as $key => $value ) {
@@ -662,7 +696,7 @@ function ( $message ) use ( $run_id ) {
662696

663697
$settings = Main::get_settings();
664698

665-
$response = ( isset( $message['success'] ) && true === $message['success'] && isset( $message['response'] ) ) ? $message['response'] : $settings['default_message'];
699+
$response = ( isset( $message['success'] ) && true === $message['success'] && isset( $message['response'] ) ) ? $message['response'] : esc_html( $settings['default_message'] );
666700

667701
do_action( 'hyve_chat_response', $run_id, $thread_id, $query, $record_id, $message, $response );
668702

inc/Main.php

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -269,7 +269,7 @@ public function enqueue_assets() {
269269
'click' => HYVE_LITE_URL . 'assets/audio/click.mp3',
270270
'ping' => HYVE_LITE_URL . 'assets/audio/ping.mp3',
271271
],
272-
'welcome' => $settings['welcome_message'] ?? '',
272+
'welcome' => esc_html( $settings['welcome_message'] ?? '' ),
273273
'isEnabled' => $settings['chat_enabled'],
274274
'strings' => [
275275
'reply' => __( 'Write a reply…', 'hyve-lite' ),

package-lock.json

Lines changed: 54 additions & 46 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -51,10 +51,10 @@
5151
"semantic-release": "^19.0.5",
5252
"semantic-release-slack-bot": "^4.0.2",
5353
"simple-git-hooks": "^2.9.0",
54-
"tailwindcss": "^3.4.14"
54+
"tailwindcss": "^3.4.15"
5555
},
5656
"dependencies": {
57-
"@wordpress/icons": "^10.11.0",
57+
"@wordpress/icons": "^10.13.0",
5858
"classnames": "^2.5.1",
5959
"object-hash": "^3.0.0"
6060
}

0 commit comments

Comments
 (0)