Cavemanon/piratepoet
8
Fork 0
Code Pull Requests Actions Releases 16 Activity

Sanitize name and description when creating a segment

Browse Source 
This commits adds the sanitization right before the data is added to the
database (\MailPoet\Segments\SegmentsRepository::createOrUpdate()) and
removes the sanitization from
\MailPoet\Segments\DynamicSegments\SegmentSaveController::save() to
avoid sanitizing twice. save() calls createOrUpdate().

Before this commit, we were sanitizing the name and description of
dynamic segments but not regular segments.

[MAILPOET-5232]
This commit is contained in:
Rodrigo Primo
2023-04-14 15:18:37 -03:00
parent 1565b71bb1
commit 119dcbd5b5
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mailpoet/lib/Segments/DynamicSegments/SegmentSaveController.php
View File

@@ -31,8 +31,8 @@ class SegmentSaveController {
*/
public function save(array $data = []): SegmentEntity {
$id = isset($data['id']) ? (int)$data['id'] : null;
$name = isset($data['name']) ? sanitize_text_field($data['name']) : '';
$description = isset($data['description']) ? sanitize_textarea_field($data['description']) : '';
$name = $data['name'] ?? '';
$description = $data['description'] ?? '';
$filtersData = $this->filterDataMapper->map($data);
return $this->segmentsRepository->createOrUpdate($name, $description, SegmentEntity::TYPE_DYNAMIC, $filtersData, $id);