I tried to submit a new plugin to WordPress and the reviewer sent me the message below concerning my code in these lines. Could you please tell me what alternative code I can add so that the reviewer approves my plugin? The reviewer's comment: "When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues. "
My code is
// set options
/**
 * Handles the options-form POST for this instance.
 *
 * After the nonce check, builds $request (the option values to store) either
 * from the submitted form values or from one of the actions carried in
 * $_POST['kfw_transient']: a JSON import, a full reset to defaults, or a reset
 * of a single section. Sets $this->notice to a user-facing message on the
 * import/reset paths.
 *
 * NOTE(review): every $_POST value below is used as-is once the nonce passes;
 * the nonce only shows the form was rendered by this site, not that the values
 * are well-formed. The reviewer feedback asks for the nonce value, $request,
 * $transient and $section_id to be unslashed (wp_unslash()) and sanitized or
 * validated per field type before they are used.
 *
 * The visible lines end before the nonce block and the method are closed; the
 * rest of the body is not shown here.
 */
public function set_options() {
// The nonce field name is suffixed with this instance's unique key; the nonce
// action string itself is fixed.
$nonce = 'kfw_options_nonce'. $this->unique;
if( isset( $_POST[$nonce] ) && wp_verify_nonce( $_POST[$nonce], 'kfw_options_nonce' ) ) {
// Submitted option values keyed by field id (untrusted; not sanitized here).
$request = ( ! empty( $_POST[$this->unique] ) ) ? $_POST[$this->unique] : array();
// Import/reset action flags, also taken straight from the request (untrusted).
$transient = ( ! empty( $_POST['kfw_transient'] ) ) ? $_POST['kfw_transient'] : array();
// Section number used as a 1-based index into $this->pre_sections below; it is
// used in arithmetic without being validated as an integer.
$section_id = ( ! empty( $transient['section'] ) ) ? $transient['section'] : '';
// import data
if( ! empty( $transient['kfw_import_data'] ) ) {
// The decoded JSON backup replaces the submitted values wholesale; its keys and
// values come from the upload, so nothing here limits them to known field ids.
$import_data = json_decode( stripslashes( trim( $transient['kfw_import_data'] ) ), true );
$request = ( is_array( $import_data ) ) ? $import_data : array();
$this->notice = esc_html__( 'Success. Imported backup options.', 'kfw' );
} else if( ! empty( $transient['reset'] ) ) {
// Full reset: every known field is overwritten with its default value.
foreach( $this->pre_fields as $field ) {
if( ! empty( $field['id'] ) ) {
$request[$field['id']] = $this->get_default( $field );
}
}
$this->notice = esc_html__( 'Default options restored.', 'kfw' );
} else if( ! empty( $transient['reset_section'] ) && ! empty( $section_id ) ) {
// Section reset: only the fields of the chosen section get their defaults.
// `$section_id-1` expects a numeric string; a non-numeric value raises a
// TypeError on PHP 8, so validating it as an integer first (e.g. absint())
// would be safer.
if( ! empty( $this->pre_sections[$section_id-1]['fields'] ) ) {
foreach( $this->pre_sections[$section_id-1]['fields'] as $field ) {
if( ! empty( $field['id'] ) ) {
$request[$field['id']] = $this->get_default( $field );
}
}
}
$this->notice = esc_html__( 'Default options restored for only this section.', 'kfw' );
}
I tried to submit a new plugin to WordPress and the reviewer sent me the message below concerning my code in these lines. Could you please tell me what alternative code I can add so that the reviewer approves my plugin? The reviewer's comment: "When you include POST/GET/REQUEST/FILE calls in your plugin, it's important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues. "
My code is
// set options
/**
 * Handles the options-form POST for this instance.
 *
 * After the nonce check, builds $request (the option values to store) either
 * from the submitted form values or from one of the actions carried in
 * $_POST['kfw_transient']: a JSON import, a full reset to defaults, or a reset
 * of a single section. Sets $this->notice to a user-facing message on the
 * import/reset paths.
 *
 * NOTE(review): every $_POST value below is used as-is once the nonce passes;
 * the nonce only shows the form was rendered by this site, not that the values
 * are well-formed. The reviewer feedback asks for the nonce value, $request,
 * $transient and $section_id to be unslashed (wp_unslash()) and sanitized or
 * validated per field type before they are used.
 *
 * The visible lines end before the nonce block and the method are closed; the
 * rest of the body is not shown here.
 */
public function set_options() {
// The nonce field name is suffixed with this instance's unique key; the nonce
// action string itself is fixed.
$nonce = 'kfw_options_nonce'. $this->unique;
if( isset( $_POST[$nonce] ) && wp_verify_nonce( $_POST[$nonce], 'kfw_options_nonce' ) ) {
// Submitted option values keyed by field id (untrusted; not sanitized here).
$request = ( ! empty( $_POST[$this->unique] ) ) ? $_POST[$this->unique] : array();
// Import/reset action flags, also taken straight from the request (untrusted).
$transient = ( ! empty( $_POST['kfw_transient'] ) ) ? $_POST['kfw_transient'] : array();
// Section number used as a 1-based index into $this->pre_sections below; it is
// used in arithmetic without being validated as an integer.
$section_id = ( ! empty( $transient['section'] ) ) ? $transient['section'] : '';
// import data
if( ! empty( $transient['kfw_import_data'] ) ) {
// The decoded JSON backup replaces the submitted values wholesale; its keys and
// values come from the upload, so nothing here limits them to known field ids.
$import_data = json_decode( stripslashes( trim( $transient['kfw_import_data'] ) ), true );
$request = ( is_array( $import_data ) ) ? $import_data : array();
$this->notice = esc_html__( 'Success. Imported backup options.', 'kfw' );
} else if( ! empty( $transient['reset'] ) ) {
// Full reset: every known field is overwritten with its default value.
foreach( $this->pre_fields as $field ) {
if( ! empty( $field['id'] ) ) {
$request[$field['id']] = $this->get_default( $field );
}
}
$this->notice = esc_html__( 'Default options restored.', 'kfw' );
} else if( ! empty( $transient['reset_section'] ) && ! empty( $section_id ) ) {
// Section reset: only the fields of the chosen section get their defaults.
// `$section_id-1` expects a numeric string; a non-numeric value raises a
// TypeError on PHP 8, so validating it as an integer first (e.g. absint())
// would be safer.
if( ! empty( $this->pre_sections[$section_id-1]['fields'] ) ) {
foreach( $this->pre_sections[$section_id-1]['fields'] as $field ) {
if( ! empty( $field['id'] ) ) {
$request[$field['id']] = $this->get_default( $field );
}
}
}
$this->notice = esc_html__( 'Default options restored for only this section.', 'kfw' );
}
1 Answer
You can use the sanitization and escaping functions that WordPress provides. For example, you might need to do this:
$sanitize_value = sanitize_text_field( $_POST[$this->unique] );
Here are the details you need: https://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data. Note that `sanitize_text_field()` expects a string; in your code `$_POST[$this->unique]` is an array of option values, so each value has to be sanitized according to its field type, and the nonce value and the `kfw_transient` fields need the same treatment.