Codeinwp
diff --git a/‎backend/settings-panel.class.php‎
Lines changed: 4 additions & 4 deletions b/‎backend/settings-panel.class.php‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎inc/admin.php‎
Lines changed: 17 additions & 11 deletions b/‎inc/admin.php‎
Lines changed: 17 additions & 11 deletions
diff --git a/‎inc/validation.php‎
Lines changed: 5 additions & 5 deletions b/‎inc/validation.php‎
Lines changed: 5 additions & 5 deletions
@@ -947,15 +947,15 @@ public function is_settings_page() {
 	/**
 	 * Inserts an item into an array at a fixed position.
 	 *
-	 * @param array $array    Source array.
+	 * @param array $items    Source array.
 	 * @param array $item     Item to insert.
 	 * @param int   $position Numeric insertion offset.
 	 *
 	 * @return array
 	 */
-	public function insert_at( $array = array(), $item = array(), $position = 0 ) {
-		$previous_items = array_slice( $array, 0, $position, true );
-		$next_items     = array_slice( $array, $position, null, true );
+	public function insert_at( $items = array(), $item = array(), $position = 0 ) {
+		$previous_items = array_slice( $items, 0, $position, true );
+		$next_items     = array_slice( $items, $position, null, true );
 
 		return $previous_items + $item + $next_items;
 	}
 
@@ -299,7 +299,8 @@ function ppom_admin_show_notices() {
  */
 function ppom_admin_save_form_meta() {
 
-	$db_version = floatval( get_option( 'personalizedproduct_db_version' ) );
+	$db_version      = floatval( get_option( 'personalizedproduct_db_version' ) );
+	$ppom_form_nonce = isset( $_POST['ppom_form_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['ppom_form_nonce'] ) ) : '';
 
 	if ( $db_version < 22.1 ) {
 		$resp = array(
@@ -312,8 +313,8 @@ function ppom_admin_save_form_meta() {
 
 	// print_r($_REQUEST); exit;
 
-	if ( ! isset( $_POST['ppom_form_nonce'] )
-	|| ! wp_verify_nonce( $_POST['ppom_form_nonce'], 'ppom_form_nonce_action' )
+	if ( empty( $ppom_form_nonce )
+	|| ! wp_verify_nonce( $ppom_form_nonce, 'ppom_form_nonce_action' )
 	|| ! ppom_security_role()
 	) {
 		$resp = array(
@@ -482,8 +483,9 @@ function ( $pm ) {
 function ppom_admin_update_form_meta() {
 
 
-	$return_page    = isset( $_REQUEST['ppom_meta'] ) ? 'ppom-energy' : 'ppom';
-	$productmeta_id = isset( $_REQUEST['productmeta_id'] ) ? sanitize_text_field( $_REQUEST['productmeta_id'] ) : '';
+	$return_page     = isset( $_REQUEST['ppom_meta'] ) ? 'ppom-energy' : 'ppom';
+	$productmeta_id  = isset( $_REQUEST['productmeta_id'] ) ? sanitize_text_field( $_REQUEST['productmeta_id'] ) : '';
+	$ppom_form_nonce = isset( $_POST['ppom_form_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['ppom_form_nonce'] ) ) : '';
 
 	$ppom_args   = array(
 		'page'           => $return_page,
@@ -506,8 +508,8 @@ function ppom_admin_update_form_meta() {
 	}
 
 
-	if ( ! isset( $_POST['ppom_form_nonce'] )
-	|| ! wp_verify_nonce( $_POST['ppom_form_nonce'], 'ppom_form_nonce_action' )
+	if ( empty( $ppom_form_nonce )
+	|| ! wp_verify_nonce( $ppom_form_nonce, 'ppom_form_nonce_action' )
 	|| ! ppom_security_role()
 	) {
 		$resp = array(
@@ -683,8 +685,10 @@ function ppom_admin_update_ppom_meta_only( $ppom_id, $ppom_meta ) {
  */
 function ppom_admin_delete_meta() {
 
-	if ( ! isset( $_POST['ppom_meta_nonce'] )
-	|| ! wp_verify_nonce( $_POST['ppom_meta_nonce'], 'ppom_meta_nonce_action' )
+	$ppom_meta_nonce = isset( $_POST['ppom_meta_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['ppom_meta_nonce'] ) ) : '';
+
+	if ( empty( $ppom_meta_nonce )
+	|| ! wp_verify_nonce( $ppom_meta_nonce, 'ppom_meta_nonce_action' )
 	|| ! ppom_security_role()
 	) {
 		$response = array(
@@ -730,8 +734,10 @@ function ppom_admin_delete_meta() {
  */
 function ppom_admin_delete_selected_meta() {
 
-	if ( ! isset( $_POST['ppom_meta_nonce'] )
-	|| ! wp_verify_nonce( $_POST['ppom_meta_nonce'], 'ppom_meta_nonce_action' )
+	$ppom_meta_nonce = isset( $_POST['ppom_meta_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['ppom_meta_nonce'] ) ) : '';
+
+	if ( empty( $ppom_meta_nonce )
+	|| ! wp_verify_nonce( $ppom_meta_nonce, 'ppom_meta_nonce_action' )
 	|| ! ppom_security_role()
 	|| ! array_key_exists( 'productmeta_ids', $_POST )
 	|| ! is_array( $_POST['productmeta_ids'] )
 
@@ -100,25 +100,25 @@ function ppom_esc_html( $content ) {
 	 * Keys that allow stored HTML are sanitized with `ppom_esc_html()`. All other
 	 * scalar values are reduced to plain text.
 	 *
-	 * @param array $array Untrusted field-definition array.
+	 * @param array $data Untrusted field-definition array.
 	 *
 	 * @return array
 	 *
 	 * @see ppom_admin_save_form_meta()
 	 * @see ppom_admin_update_form_meta()
 	 */
-function ppom_sanitize_array_data( $array ) {
-	foreach ( $array as $key => &$value ) {
+function ppom_sanitize_array_data( $data ) {
+	foreach ( $data as $key => &$value ) {
 		if ( is_array( $value ) ) {
 			$value = ppom_sanitize_array_data( $value );
 		} elseif ( in_array( $key, ppom_fields_with_html(), true ) ) {
-				$value = ppom_esc_html( $value );
+			$value = ppom_esc_html( $value );
 		} else {
 			$value = sanitize_text_field( $value );
 		}
 	}
 
-	return $array;
+	return $data;
 }
Original file line number	Diff line number	Diff line change
`@@ -947,15 +947,15 @@ public function is_settings_page() {`
`947`	`947`	`/**`
`948`	`948`	`* Inserts an item into an array at a fixed position.`
`949`	`949`	`*`
`950`		`- * @param array $array Source array.`
	`950`	`+ * @param array $items Source array.`
`951`	`951`	`* @param array $item Item to insert.`
`952`	`952`	`* @param int $position Numeric insertion offset.`
`953`	`953`	`*`
`954`	`954`	`* @return array`
`955`	`955`	`*/`
`956`		`- public function insert_at( $array = array(), $item = array(), $position = 0 ) {`
`957`		`- $previous_items = array_slice( $array, 0, $position, true );`
`958`		`- $next_items = array_slice( $array, $position, null, true );`
	`956`	`+ public function insert_at( $items = array(), $item = array(), $position = 0 ) {`
	`957`	`+ $previous_items = array_slice( $items, 0, $position, true );`
	`958`	`+ $next_items = array_slice( $items, $position, null, true );`
`959`	`959`
`960`	`960`	`return $previous_items + $item + $next_items;`
`961`	`961`	`}`
Original file line number	Diff line number	Diff line change
`@@ -100,25 +100,25 @@ function ppom_esc_html( $content ) {`
`100`	`100`	* Keys that allow stored HTML are sanitized with `ppom_esc_html()`. All other
`101`	`101`	`* scalar values are reduced to plain text.`
`102`	`102`	`*`
`103`		`- * @param array $array Untrusted field-definition array.`
	`103`	`+ * @param array $data Untrusted field-definition array.`
`104`	`104`	`*`
`105`	`105`	`* @return array`
`106`	`106`	`*`
`107`	`107`	`* @see ppom_admin_save_form_meta()`
`108`	`108`	`* @see ppom_admin_update_form_meta()`
`109`	`109`	`*/`
`110`		`-function ppom_sanitize_array_data( $array ) {`
`111`		`- foreach ( $array as $key => &$value ) {`
	`110`	`+function ppom_sanitize_array_data( $data ) {`
	`111`	`+ foreach ( $data as $key => &$value ) {`
`112`	`112`	`if ( is_array( $value ) ) {`
`113`	`113`	`$value = ppom_sanitize_array_data( $value );`
`114`	`114`	`} elseif ( in_array( $key, ppom_fields_with_html(), true ) ) {`
`115`		`- $value = ppom_esc_html( $value );`
	`115`	`+ $value = ppom_esc_html( $value );`
`116`	`116`	`} else {`
`117`	`117`	`$value = sanitize_text_field( $value );`
`118`	`118`	`}`
`119`	`119`	`}`
`120`	`120`
`121`		`- return $array;`
	`121`	`+ return $data;`
`122`	`122`	`}`
`123`	`123`
`124`	`124`