Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use wp_unslash and only decode when getting attributes, not saving

This commit is contained in:
Mike Jolley 2015-08-13 13:03:51 +01:00
parent 7552704e75
commit fb64e6e66e
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
includes/class-wc-ajax.php
View File

@ -442,7 +442,7 @@ class WC_AJAX {
die();
}
$variation_id = $variable_product->get_matching_variation( stripslashes_deep( $_POST ) );
$variation_id = $variable_product->get_matching_variation( wp_unslash( $_POST ) );
if ( $variation_id ) {
$variation = $variable_product->get_available_variation( $variation_id );
@ -689,7 +689,7 @@ class WC_AJAX {
} elseif ( isset( $attribute_values[ $i ] ) ) {
// Text based, separate by pipe
$values = implode( ' ' . WC_DELIMITER . ' ', array_map( 'wc_clean', wc_get_text_attributes( $attribute_values[ $i ] ) ) );
$values = implode( ' ' . WC_DELIMITER . ' ', array_map( 'wc_clean', explode( WC_DELIMITER, wp_unslash( $attribute_values[ $i ] ) ) ) );
// Custom attribute - Add attribute to array and set the values
$attributes[ sanitize_title( $attribute_names[ $i ] ) ] = array(
@ -2422,7 +2422,7 @@ class WC_AJAX {
// Get attributes
$attributes = array();
$posted_attributes = stripslashes_deep( $_POST['attributes'] );
$posted_attributes = wp_unslash( $_POST['attributes'] );
foreach ( $posted_attributes as $key => $value ) {
$attributes[ wc_clean( $key ) ] = array_map( 'wc_clean', $value );

2
includes/wc-attribute-functions.php
View File

@ -19,7 +19,7 @@ if ( ! defined( 'ABSPATH' ) ) {
* @return array
*/
function wc_get_text_attributes( $raw_attributes ) {
return array_map( 'trim', array_map( 'stripslashes', array_map( 'html_entity_decode', explode( WC_DELIMITER, $raw_attributes ) ) ) );
return array_map( 'trim', array_map( 'html_entity_decode', explode( WC_DELIMITER, $raw_attributes ) ) );
}
/**