sanitize supports add form

Lem Smyth 2022-02-27 11:40:05 -06:00
parent b6c1610be3
commit 3ed146d512
2 changed files with 5 additions and 5 deletions


@ -476,7 +476,7 @@ class LBRY_Admin
*/
public function add_supports()
{
if ( ( $_POST['post_id'] ) && ( $_POST['post_id'] !== null ) ) {
if ( ( $_POST['post_id'] ) && ( absint( $_POST['post_id'] ) ) ) {
$redirect_url = admin_url( add_query_arg( array( 'post' => $_POST['post_id'], 'action' => 'edit' ), 'post.php') );
} else {
$redirect_url = admin_url( add_query_arg( array( 'page' => 'lbrypress', 'tab' => 'channels' ), 'options.php' ) );
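Review bot: On the new condition line, `absint( $_POST['post_id'] )` is used only as a truthiness test, and the raw `$_POST['post_id']` is still what `add_query_arg` receives on the next line, so a value such as `12abc` passes the check and reaches the redirect URL unnormalised. The key is also read without an `isset()` guard, which raises a notice or warning when the field is missing. Normalise once and reuse the result: `$post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;`, then `if ( $post_id ) {` and `'post' => $post_id`. The hidden `post_id` field is client-controlled, so the escaping added in the form template does not replace this server-side check. The body of add_supports() continues outside the hunk, so the nonce and capability checks and the way the redirect is issued cannot be confirmed from here.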


@ -34,10 +34,10 @@ if ( current_user_can( 'manage_options' ) ) {
<form action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>" method="post" id="lbry_add_supports_form">
<input type="hidden" name="action" value="lbry_add_supports">
<input type="hidden" name="_lbrynonce" value="<?php echo $lbrynonce; ?>">
<input type="hidden" name="post_id" value="<?php echo $return_post; ?>">
<input type="hidden" name="lbry_url" value="<?php echo esc_attr($lbry_url); ?>">
<input type="hidden" name="supporting_channel" value="<?php echo $supporting_channel; ?>">
<input type="hidden" name="_lbrynonce" value="<?php echo esc_attr($lbrynonce); ?>">
<input type="hidden" name="post_id" value="<?php echo esc_attr($return_post); ?>">
<input type="hidden" name="lbry_url" value="<?php echo esc_url($lbry_url); ?>">
<input type="hidden" name="supporting_channel" value="<?php echo esc_attr($supporting_channel); ?>">
<h2><?php echo _e( 'Add Supports to Claim:', 'lbrypress' ); ?></h2>
<?php printf(