Diffstat (limited to 'plugins/jetpack/modules/calypsoify/class-jetpack-calypsoify.php')
-rw-r--r--plugins/jetpack/modules/calypsoify/class-jetpack-calypsoify.php12
1 files changed, 6 insertions, 6 deletions
diff --git a/plugins/jetpack/modules/calypsoify/class-jetpack-calypsoify.php b/plugins/jetpack/modules/calypsoify/class-jetpack-calypsoify.php
index 080cf508..b704b92c 100644
--- a/plugins/jetpack/modules/calypsoify/class-jetpack-calypsoify.php
+++ b/plugins/jetpack/modules/calypsoify/class-jetpack-calypsoify.php
@@ -100,7 +100,7 @@ class Jetpack_Calypsoify {
* @return string
*/
private function get_calypso_origin() {
- $origin = ! empty( $_GET['origin'] ) ? $_GET['origin'] : 'https://wordpress.com'; // phpcs:ignore WordPress.Security.NonceVerification.Recommended
+ $origin = ! empty( $_GET['origin'] ) ? wp_unslash( $_GET['origin'] ) : 'https://wordpress.com'; // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
$allowed = array(
'http://calypso.localhost:3000',
'http://127.0.0.1:41050', // Desktop App.
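Review bot: The new line still accepts a non-string value — a request with `origin[]=...` makes `$_GET['origin']` an array, `! empty()` passes and `wp_unslash()` returns an array, so `$origin` is not guaranteed to be a string when it reaches the comparison against `$allowed` and the rest of get_calypso_origin(), whose body continues outside the hunk. A type guard keeps the later checks on a string: `$origin = ! empty( $_GET['origin'] ) && is_string( $_GET['origin'] ) ? wp_unslash( $_GET['origin'] ) : 'https://wordpress.com';`. The added `ValidatedSanitizedInput.InputNotSanitized` ignore presumably relies on the allowlist that starts on the next lines to be the effective validation; a short comment stating that, such as `// Unsanitized on purpose: the value is only used if it matches $allowed exactly below.`, would document why the sniff is suppressed rather than leaving the ignore unexplained.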
@@ -124,7 +124,7 @@ class Jetpack_Calypsoify {
$post_type = $screen->post_type;
$site_suffix = ( new Status() )->get_site_suffix();
- if ( is_null( $post_id ) ) {
+ if ( $post_id === null ) {
// E.g. posts or pages have no special suffix. CPTs are in the `types/{cpt}` format.
$post_type_suffix = ( 'post' === $post_type || 'page' === $post_type )
? "/${post_type}s/"
@@ -192,25 +192,25 @@ class Jetpack_Calypsoify {
public function is_page_gutenberg() {
// phpcs:disable WordPress.Security.NonceVerification.Recommended
// Disabling WordPress.Security.NonceVerification.Recommended because this function fires within admin_init and this is only changing display.
- $page = wp_basename( esc_url( $_SERVER['REQUEST_URI'] ) );
+ $page = isset( $_SERVER['REQUEST_URI'] ) ? wp_basename( esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) ) : '';
if ( false !== strpos( $page, 'post-new.php' ) && empty( $_GET['post_type'] ) ) {
return true;
}
- if ( false !== strpos( $page, 'post-new.php' ) && isset( $_GET['post_type'] ) && $this->is_post_type_gutenberg( $_GET['post_type'] ) ) {
+ if ( false !== strpos( $page, 'post-new.php' ) && isset( $_GET['post_type'] ) && $this->is_post_type_gutenberg( sanitize_key( $_GET['post_type'] ) ) ) {
return true;
}
if ( false !== strpos( $page, 'post.php' ) ) {
- $post = get_post( $_GET['post'] );
+ $post = get_post( isset( $_GET['post'] ) ? intval( $_GET['post'] ) : null );
if ( isset( $post ) && isset( $post->post_type ) && $this->is_post_type_gutenberg( $post->post_type ) ) {
return true;
}
}
if ( false !== strpos( $page, 'revision.php' ) ) {
- $post = get_post( $_GET['revision'] );
+ $post = get_post( isset( $_GET['revision'] ) ? intval( $_GET['revision'] ) : null );
$parent = get_post( $post->post_parent );
if ( isset( $parent ) && isset( $parent->post_type ) && $this->is_post_type_gutenberg( $parent->post_type ) ) {
return true;