Merge pull request #23380 from woocommerce/fix/23378

Added missing wp_unslash to order data meta box save
Mike Jolley 2019-04-24 14:31:14 +01:00 committed by GitHub
commit ab5ff7576d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 7 deletions


@ -556,9 +556,9 @@ class WC_Meta_Box_Order_Data {
}
if ( is_callable( array( $order, 'set_billing_' . $key ) ) ) {
$props[ 'billing_' . $key ] = wc_clean( $_POST[ $field['id'] ] );
$props[ 'billing_' . $key ] = wc_clean( wp_unslash( $_POST[ $field['id'] ] ) );
} else {
$order->update_meta_data( $field['id'], wc_clean( $_POST[ $field['id'] ] ) );
$order->update_meta_data( $field['id'], wc_clean( wp_unslash( $_POST[ $field['id'] ] ) ) );
}
}
}
@ -575,21 +575,21 @@ class WC_Meta_Box_Order_Data {
}
if ( is_callable( array( $order, 'set_shipping_' . $key ) ) ) {
$props[ 'shipping_' . $key ] = wc_clean( $_POST[ $field['id'] ] );
$props[ 'shipping_' . $key ] = wc_clean( wp_unslash( $_POST[ $field['id'] ] ) );
} else {
$order->update_meta_data( $field['id'], wc_clean( $_POST[ $field['id'] ] ) );
$order->update_meta_data( $field['id'], wc_clean( wp_unslash( $_POST[ $field['id'] ] ) ) );
}
}
}
if ( isset( $_POST['_transaction_id'] ) ) {
$props['transaction_id'] = wc_clean( $_POST['_transaction_id'] );
$props['transaction_id'] = wc_clean( wp_unslash( $_POST['_transaction_id'] ) );
}
// Payment method handling.
if ( $order->get_payment_method() !== wp_unslash( $_POST['_payment_method'] ) ) {
$methods = WC()->payment_gateways->payment_gateways();
$payment_method = wc_clean( $_POST['_payment_method'] );
$payment_method = wc_clean( wp_unslash( $_POST['_payment_method'] ) );
$payment_method_title = $payment_method;
if ( isset( $methods ) && isset( $methods[ $payment_method ] ) ) {
@ -616,7 +616,7 @@ class WC_Meta_Box_Order_Data {
// Save order data.
$order->set_props( $props );
$order->set_status( wc_clean( $_POST['order_status'] ), '', true );
$order->set_status( wc_clean( wp_unslash( $_POST['order_status'] ) ), '', true );
$order->save();
}
}
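Review bot: In the second hunk the payment-method check reads `$_POST['_payment_method']` without the `isset()` guard that `_transaction_id` gets just above it, and it compares the unslashed but uncleaned value with the stored method, while the value saved on the next line goes through `wc_clean()`. A request that omits the field would raise an undefined-index notice and most likely take the "changed" branch, and any value that `wc_clean()` alters would always look like a change. Consider `if ( isset( $_POST['_payment_method'] ) && $order->get_payment_method() !== wc_clean( wp_unslash( $_POST['_payment_method'] ) ) ) {`. The same unguarded read applies to `$_POST['order_status']` in the last hunk, where the value is passed to `set_status()` with no allow-list check visible. The method begins outside these hunks, so an earlier guard, nonce check or capability check may already cover part of this and should be confirmed there.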