diff --git a/phpcs.xml b/phpcs.xml
index d5a4b056..7a317ae8 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -11,7 +11,6 @@
-
diff --git a/src/class-tiny-notices.php b/src/class-tiny-notices.php
index 0c48e1df..d946d813 100644
--- a/src/class-tiny-notices.php
+++ b/src/class-tiny-notices.php
@@ -153,7 +153,8 @@ public function dismiss() {
exit();
}
$this->load_dismissals();
- $this->dismissals[ $_POST['name'] ] = true;
+ $notice_name = sanitize_key( wp_unslash( $_POST['name'] ) );
+ $this->dismissals[ $notice_name ] = true;
$this->save_dismissals();
echo json_encode( true );
exit();
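Review bot: The value assigned at `$notice_name = sanitize_key( wp_unslash( $_POST['name'] ) );` can be an empty string when the posted name consists only of characters sanitize_key() strips, and it is then stored under the key `''` and persisted by save_dismissals(). Guard it before the assignment: `if ( '' === $notice_name ) { exit(); }`. sanitize_key() also lowercases, so a notice registered with uppercase characters in its name would be recorded under a different key than the one consulted on display; that should be confirmed against the code that generates notice names, which is not in this hunk. dismiss() starts before the hunk, so whether `$_POST['name']` is checked for presence (and a nonce or capability verified) above L12 cannot be seen here.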
diff --git a/src/class-tiny-plugin.php b/src/class-tiny-plugin.php
index 0af97fe6..b68a10b9 100644
--- a/src/class-tiny-plugin.php
+++ b/src/class-tiny-plugin.php
@@ -437,15 +437,18 @@ public function async_compress_on_upload( $metadata, $attachment_id ) {
public function process_rpc_request() {
if (
empty( $_POST['tiny_rpc_action'] ) ||
- empty( $_POST['tiny_rpc_hash'] ) ||
- 32 !== strlen( $_POST['tiny_rpc_hash'] )
+ empty( $_POST['tiny_rpc_hash'] )
) {
exit();
}
- $rpc_hash = sanitize_key( $_POST['tiny_rpc_hash'] );
- $user_id = absint( get_transient( 'tiny_rpc_' . $rpc_hash ) );
- $user = $user_id ? get_userdata( $user_id ) : false;
+ $rpc_hash = sanitize_key( wp_unslash( $_POST['tiny_rpc_hash'] ) );
+ if ( 32 !== strlen( $rpc_hash ) ) {
+ exit();
+ }
+
+ $user_id = absint( get_transient( 'tiny_rpc_' . $rpc_hash ) );
+ $user = $user_id ? get_userdata( $user_id ) : false;
/* We no longer need the transient. */
delete_transient( 'tiny_rpc_' . $rpc_hash );
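Review bot: `sanitize_key()` lowercases and strips everything outside `[a-z0-9_-]` before the 32-character check, so the lookup `'tiny_rpc_' . $rpc_hash` only succeeds if the transient was stored under an already-lowercase token; that contract is not visible here and deserves a comment next to the check, e.g. `// sanitize_key() lowercases: the transient name must be built from a lowercase token.` The token is burned by `delete_transient()` before the user is validated, which is the right order for a single-use token. process_rpc_request() continues past the end of this hunk.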
@@ -460,7 +463,7 @@ public function process_rpc_request() {
}
/* Now that everything is checked, perform the actual action. */
- $action = $_POST['tiny_rpc_action'];
+ $action = sanitize_key( wp_unslash( $_POST['tiny_rpc_action'] ) );
unset(
$_POST['action'],
$_POST['tiny_rpc_action'],
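Review bot: `sanitize_key()` on `$_POST['tiny_rpc_action']` normalises the string but does not restrict which action may be dispatched; how `$action` is consumed lies below this hunk, and if it selects a method or callback by name the new code should also check it against an explicit allow-list, e.g. `if ( ! in_array( $action, $allowed_rpc_actions, true ) ) { exit(); }` with the list kept as a class constant. Sanitising only guarantees the name is well-formed, not that it names something the RPC endpoint is meant to expose. The enclosing function starts before and ends after this hunk.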
@@ -471,12 +474,17 @@ public function process_rpc_request() {
}
public function compress_on_upload() {
- if ( ! wp_verify_nonce( $_POST['_ajax_nonce'], 'new_media-' . $_POST['attachment_id'] ) ) {
+ $nonce = isset( $_POST['_ajax_nonce'] ) ?
+ sanitize_key( wp_unslash( $_POST['_ajax_nonce'] ) ) : '';
+ $attachment_id = isset( $_POST['attachment_id'] ) ?
+ intval( wp_unslash( $_POST['attachment_id'] ) ) : 0;
+
+ if ( ! wp_verify_nonce( $nonce, 'new_media-' . $attachment_id ) ) {
exit;
}
if ( current_user_can( 'upload_files' ) ) {
- $attachment_id = intval( $_POST['attachment_id'] );
- $metadata = $_POST['metadata'];
+ // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+ $metadata = isset( $_POST['metadata'] ) ? wp_unslash( $_POST['metadata'] ) : array();
if ( is_array( $metadata ) ) {
$tiny_image = new Tiny_Image( $this->settings, $attachment_id, $metadata );
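Review bot: The `phpcs:ignore` on `$metadata` silences the warning but leaves a client-supplied array flowing into `Tiny_Image` with no validation beyond `is_array()`; at minimum the expected keys should be checked and string values normalised, e.g. `$metadata = map_deep( $metadata, 'sanitize_text_field' );` before the object is built, or `wp_get_attachment_metadata( $attachment_id )` used instead if the posted copy is only a convenience. The authorisation check is `current_user_can( 'upload_files' )`, which does not tie the caller to `$attachment_id`; the nonce `'new_media-' . $attachment_id` may do that, but `current_user_can( 'edit_post', $attachment_id )` would make it explicit. A failed nonce currently `exit`s with an empty 200 response; `wp_send_json_error( null, 403 )` would make the failure visible to the caller. compress_on_upload() continues beyond the hunk.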
@@ -606,7 +614,9 @@ public function compress_image_for_bulk() {
);
wp_update_attachment_metadata( $id, $tiny_image->get_wp_metadata() );
- $current_library_size = intval( $_POST['current_size'] );
+ $current_library_size = isset( $_POST['current_size'] ) ?
+ intval( wp_unslash( $_POST['current_size'] ) )
+ : 0;
$size_after = $image_statistics['compressed_total_size'];
$new_library_size = $current_library_size + $size_after - $size_before;
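Review bot: `$current_library_size` comes from the client via `intval( wp_unslash( $_POST['current_size'] ) )`, which accepts negative values, and feeds straight into `$new_library_size`; where that total goes is outside the hunk, but if it is persisted or reported, the caller can set an arbitrary figure. Use `absint( $_POST['current_size'] )` for consistency with the `paged` handling elsewhere in this file (`wp_unslash()` is a no-op once the value is cast to an integer), or better, recompute the library size server-side rather than trusting the posted value. compress_image_for_bulk() starts before this hunk.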
@@ -670,8 +680,10 @@ public function ajax_compression_status() {
public function media_library_bulk_action() {
$valid_actions = array( 'tiny_bulk_action', 'tiny_bulk_mark_compressed' );
- $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : '';
- $action2 = isset( $_REQUEST['action2'] ) ? $_REQUEST['action2'] : '';
+ $action = isset( $_REQUEST['action'] ) ?
+ sanitize_key( wp_unslash( $_REQUEST['action'] ) ) : '';
+ $action2 = isset( $_REQUEST['action2'] ) ?
+ sanitize_key( wp_unslash( $_REQUEST['action2'] ) ) : '';
if (
! in_array( $action, $valid_actions, true ) &&
@@ -679,24 +691,35 @@ public function media_library_bulk_action() {
) {
return;
}
- if ( empty( $_REQUEST['media'] ) || ( ! $_REQUEST['media'] ) ) {
+ $media = isset( $_REQUEST['media'] ) ?
+ array_map( 'intval', wp_unslash( (array) $_REQUEST['media'] ) )
+ : array();
+ if ( empty( $media ) ) {
$_REQUEST['action'] = '';
return;
}
check_admin_referer( 'bulk-media' );
- $ids = implode( '-', array_map( 'intval', $_REQUEST['media'] ) );
+ $ids = implode( '-', $media );
$location = 'upload.php?mode=list&ids=' . $ids;
- $location = add_query_arg( 'action', $_REQUEST['action'], $location );
+ $location = add_query_arg( 'action', $action, $location );
if ( ! empty( $_REQUEST['paged'] ) ) {
$location = add_query_arg( 'paged', absint( $_REQUEST['paged'] ), $location );
}
if ( ! empty( $_REQUEST['s'] ) ) {
- $location = add_query_arg( 's', $_REQUEST['s'], $location );
+ $location = add_query_arg(
+ 's',
+ sanitize_text_field( wp_unslash( $_REQUEST['s'] ) ),
+ $location
+ );
}
if ( ! empty( $_REQUEST['m'] ) ) {
- $location = add_query_arg( 'm', $_REQUEST['m'], $location );
+ $location = add_query_arg(
+ 'm',
+ sanitize_text_field( wp_unslash( $_REQUEST['m'] ) ),
+ $location
+ );
}
wp_safe_redirect( admin_url( $location ) );
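Review bot: `array_map( 'intval', wp_unslash( (array) $_REQUEST['media'] ) )` keeps non-numeric entries as `0`, so a request carrying only junk passes the `empty( $media )` check and redirects with `ids=0` (or `0-0-...`); filter them out with `$media = array_filter( array_map( 'absint', (array) $_REQUEST['media'] ) );` so the emptiness check means what it says. The redirect also always carries `$action`: when the plugin action is chosen only in the bottom dropdown, `$action2` satisfies the guard but `$action` (typically `-1`) is what `add_query_arg( 'action', $action, $location )` emits, so resolving `$action = in_array( $action, $valid_actions, true ) ? $action : $action2;` before building `$location` would fix that, assuming the view on the other side keys off `action` as it appears to. `absint( $_REQUEST['paged'] )` is fine as is.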
diff --git a/src/class-tiny-settings.php b/src/class-tiny-settings.php
index f0c94065..58d6049a 100644
--- a/src/class-tiny-settings.php
+++ b/src/class-tiny-settings.php
@@ -161,8 +161,10 @@ public function add_options_to_page() {
public function image_sizes_notice() {
if ( current_user_can( 'manage_options' ) ) {
+ $selected_sizes = isset( $_GET['image_sizes_selected'] ) ?
+ intval( $_GET['image_sizes_selected'] ) : 0;
$this->render_size_checkboxes_description(
- $_GET['image_sizes_selected'],
+ $selected_sizes,
isset( $_GET['resize_original'] ),
isset( $_GET['compress_wr2x'] ),
self::get_conversion_enabled()
@@ -835,7 +837,7 @@ public function create_api_key() {
'message' => 'This feature requires certain user capabilities',
);
} elseif ( $compressor->can_create_key() ) {
- if ( ! isset( $_POST['name'] ) || ! $_POST['name'] ) {
+ if ( empty( $_POST['name'] ) ) {
$status = (object) array(
'ok' => false,
'message' => __(
@@ -847,7 +849,7 @@ public function create_api_key() {
exit();
}
- if ( ! isset( $_POST['email'] ) || ! $_POST['email'] ) {
+ if ( empty( $_POST['email'] ) ) {
$status = (object) array(
'ok' => false,
'message' => __(
@@ -868,9 +870,9 @@ public function create_api_key() {
$identifier = 'WordPress plugin for ' . $site;
$link = $this->get_absolute_url();
$compressor->create_key(
- $_POST['email'],
+ sanitize_email( wp_unslash( $_POST['email'] ) ),
array(
- 'name' => $_POST['name'],
+ 'name' => sanitize_text_field( wp_unslash( $_POST['name'] ) ),
'identifier' => $identifier,
'link' => $link,
)
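Review bot: `sanitize_email()` returns an empty string for an address it cannot sanitise, and the emptiness check on `$_POST['email']` in the earlier hunk runs on the raw value, so an invalid address reaches `$compressor->create_key()` as `''`. Sanitise once into a local and validate it before the call: `$email = sanitize_email( wp_unslash( $_POST['email'] ) ); if ( ! is_email( $email ) ) { /* return the same ok => false status used for a missing email */ }`. The same applies to `$name`, which `sanitize_text_field()` reduces to `''` when the input is only tags or whitespace. create_api_key() extends beyond this hunk on both sides.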
@@ -903,24 +905,27 @@ public function create_api_key() {
}
public function update_api_key() {
- $key = $_POST['key'];
if ( ! $this->check_ajax_referer() ) {
exit;
}
+
+ $key = null;
if ( ! current_user_can( 'manage_options' ) ) {
$status = (object) array(
'ok' => false,
'message' => 'This feature requires certain user capabilities',
);
- } elseif ( empty( $key ) ) {
+ } elseif ( empty( $_POST['key'] ) ) {
/* Always save if key is blank, so the key can be deleted. */
$status = (object) array(
'ok' => true,
'message' => null,
);
} else {
+ $key = sanitize_text_field( wp_unslash( $_POST['key'] ) );
$status = Tiny_Compress::create( $key )->get_status();
}
+
if ( $status->ok ) {
update_option( self::get_prefixed_name( 'api_key_pending' ), false );
update_option( self::get_prefixed_name( 'api_key' ), $key );
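Review bot: `$key = null` is what now reaches `update_option( self::get_prefixed_name( 'api_key' ), $key )` on the blank-key path, whereas the previous code stored whatever `$_POST['key']` held (normally `''`); a `null` passed through `update_option()` may not round-trip as the empty string the rest of the plugin presumably tests with `empty()`, so initialise with `$key = '';` to keep the persisted value a string. `sanitize_text_field()` on the key trims whitespace and strips tags, which is fine for an API key but means a key containing `<` would be silently altered; if the key format is known, a stricter pattern check would give the user an error instead of a mangled key. update_api_key() continues past the end of this hunk.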
diff --git a/src/views/compress-details.php b/src/views/compress-details.php
index 9b6431d4..b3a0f58a 100644
--- a/src/views/compress-details.php
+++ b/src/views/compress-details.php
@@ -24,7 +24,8 @@
$images_to_compress = array();
if ( ! empty( $_REQUEST['ids'] ) ) {
- $images_to_compress = array_map( 'intval', explode( '-', $_REQUEST['ids'] ) );
+ $request_ids = sanitize_text_field( wp_unslash( $_REQUEST['ids'] ) );
+ $images_to_compress = array_map( 'intval', explode( '-', $request_ids ) );
}
?>
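Review bot: `array_map( 'intval', explode( '-', $request_ids ) )` leaves `0` entries for any non-numeric segment (and for the empty segment a trailing `-` produces), so the view may go on to treat attachment id 0 as a target; wrap it as `$images_to_compress = array_filter( array_map( 'absint', explode( '-', $request_ids ) ) );`. `sanitize_text_field()` on `$_REQUEST['ids']` is harmless but redundant once every segment is cast to an integer. Whether each id is checked with `current_user_can( 'edit_post', $id )` before compression is not visible in this hunk.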