From d11169077faa495ad9289de43bcfa425186f246f Mon Sep 17 00:00:00 2001
From: Torben Lundsgaard
Date: Tue, 15 Oct 2024 09:40:39 +0200
Subject: [PATCH] Sanitise input
---
 src/Installation/AutomaticUpdates.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/Installation/AutomaticUpdates.php b/src/Installation/AutomaticUpdates.php
index 1d9dd3b..d201ef1 100644
--- a/src/Installation/AutomaticUpdates.php
+++ b/src/Installation/AutomaticUpdates.php
@@ -58,8 +58,8 @@ public static function instance(): self {
 public function wp_option_updated( $option, $value, $old_value = [] ): void {
 if ( defined( 'DOING_AJAX' ) && DOING_AJAX && ! empty( $_POST['asset'] ) && ! empty( $_POST['state'] ) ) { // @phpcs:ignore WordPress.Security.NonceVerification.Missing
 // Option is being updated by the ajax request performed when using the enable/disable auto-updates links on the plugins page.
- $asset = sanitize_text_field( urldecode( $_POST['asset'] ) ); // @phpcs:ignore WordPress.Security.NonceVerification.Missing
- if ( $asset !== GTMKIT_BASENAME ) {
+
+ if ( sanitize_text_field( $_POST['asset'] ) !== GTMKIT_BASENAME ) { // @phpcs:ignore WordPress.Security.NonceVerification.Missing
 return;
 }
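Review bot: The new `if` still passes `$_POST['asset']` to `sanitize_text_field()` without `wp_unslash()`, and WordPress slashes the request superglobals, so the slashed form is what gets compared with `GTMKIT_BASENAME`; the conventional form is `if ( sanitize_text_field( wp_unslash( $_POST['asset'] ) ) !== GTMKIT_BASENAME ) {`. The strict comparison with the constant is what actually gates this branch, and both lines suppress the nonce sniff without saying why, so a comment such as `// Nonce and capability are verified by the AJAX handler that triggers this option update; this hook only reacts to it.` would help, once confirmed, since that handler is not visible in this hunk. With `urldecode()` removed, it is also worth confirming that this check still normalises `asset` the same way as the code performing the update, otherwise the two can disagree about which plugin a request refers to. The body of `wp_option_updated` continues past the end of the hunk.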