Sanitize name and description when creating a segment
This commit adds the sanitization right before the data is added to the database (\MailPoet\Segments\SegmentsRepository::createOrUpdate()) and removes the sanitization from \MailPoet\Segments\DynamicSegments\SegmentSaveController::save() to avoid sanitizing twice. save() calls createOrUpdate(). Before this commit, we were sanitizing the name and description of dynamic segments but not regular segments. [MAILPOET-5232]
@@ -31,8 +31,8 @@ class SegmentSaveController {
|
||||
*/
|
||||
public function save(array $data = []): SegmentEntity {
|
||||
$id = isset($data['id']) ? (int)$data['id'] : null;
|
||||
$name = isset($data['name']) ? sanitize_text_field($data['name']) : '';
|
||||
$description = isset($data['description']) ? sanitize_textarea_field($data['description']) : '';
|
||||
$name = $data['name'] ?? '';
|
||||
$description = $data['description'] ?? '';
|
||||
$filtersData = $this->filterDataMapper->map($data);
|
||||
|
||||
return $this->segmentsRepository->createOrUpdate($name, $description, SegmentEntity::TYPE_DYNAMIC, $filtersData, $id);
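Review bot: `$name = $data['name'] ?? '';` and the matching `$description` line now forward whatever type the request carried, whereas the removed `sanitize_text_field()` / `sanitize_textarea_field()` calls always returned a string (an array or object became `''`). The signature of `createOrUpdate()` is not visible in this hunk, but if its `$name` and `$description` parameters are declared `string`, a non-string value in `$data` would now end in a TypeError rather than a sanitized string. Consider keeping a type guard at this boundary, e.g. `$name = is_string($data['name'] ?? null) ? $data['name'] : '';`, and the same for `$description`.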
|
||||
|
@@ -138,6 +138,10 @@ class SegmentsRepository extends Repository {
|
||||
bool $displayInManageSubscriptionPage = true
|
||||
): SegmentEntity {
|
||||
$displayInManageSubPage = $type === SegmentEntity::TYPE_DEFAULT ? $displayInManageSubscriptionPage : false;
|
||||
|
||||
$name = sanitize_text_field($name);
|
||||
$description = sanitize_textarea_field($description);
|
||||
|
||||
if ($id) {
|
||||
$segment = $this->findOneById($id);
|
||||
if (!$segment instanceof SegmentEntity) {
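Review bot: After `$name = sanitize_text_field($name);` the name can come out empty or changed (for example when the input consists only of markup), and nothing visible in this hunk rejects an empty `$name` before the `if ($id)` lookup. The body of `createOrUpdate()` continues outside the hunk, so such a check may exist further down; if it does, it should run on the sanitized value. I would also add a comment above the two calls, such as `// Single sanitization point for segment name/description: callers pass raw input and must not pre-sanitize.`, so the double-sanitizing this commit removes is not reintroduced. Sanitizing at write time covers only segments saved through this method, so the places that render name and description still need context-appropriate escaping.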
|
||||
|