Include a way to get request variables without sanitization #2232

Merged: 10 commits merged on Oct 23, 2024

@bordoni bordoni commented Oct 22, 2024

🎫 Ticket

TEC-5283

🗒️ Description

Resolves the problem where because we are using tribe_get_request_var it will strip all HTML.

📹 Artifact

https://i.bordoni.me/Zt3Zk5Bd

@bordoni bordoni added the code review Status: requires a code review. label Oct 22, 2024
@bordoni bordoni requested a review from Camwyn October 22, 2024 04:31
@bordoni bordoni self-assigned this Oct 22, 2024
@dpanta94 dpanta94 left a comment


The code is good. I would prefer seeing another method though tribe_get_request_var_raw which would be used inside tribe_get_request_var, rather than a new parameter.

In most cases where we want a get param to check its value, we want to use the tribe_get_request_var_raw, if what we want to get needs to be saved or displayed we need tribe_get_request_var :D

dpanta94 previously approved these changes Oct 22, 2024
@Camwyn Camwyn left a comment


Small tweaks and maybe less phpcs noise?

}

if ( isset( $_POST ) ) {
$requests[] = (array) $_POST;
$requests[] = (array) $_POST; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.NonceVerification.Recommended
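Review bot: the `phpcs:ignore` on the `$_POST` line silences both `WordPress.Security.ValidatedSanitizedInput.InputNotSanitized` and `WordPress.Security.NonceVerification.Recommended` without saying why. Add a short justification after the sniff names (phpcs accepts a trailing `-- reason` note), stating that this is the intentional raw accessor and that callers must verify the nonce and sanitize or escape the value before saving or displaying it. Keeping the two sniff names explicit, as this line does, is preferable to a blanket suppression, because every other sniff then still applies to the function.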
@Camwyn Camwyn Oct 22, 2024


Just disable at the beginning of the function and re-enable at the end?
i.e

function tribe_get_request_var_raw() {
  // phpcs:disable
  ...
  // phpcs:enable
}

(can be specific or not here)

src/functions/utils.php (outdated)
dpanta94 previously approved these changes Oct 22, 2024
@dpanta94 dpanta94 left a comment


The code looks good - why are EVA tests failing though?

@bordoni bordoni changed the base branch from master to release/T24.ewah October 22, 2024 19:31
@bordoni bordoni merged commit d234da7 into release/T24.ewah Oct 23, 2024
13 of 17 checks passed
@bordoni bordoni deleted the fix/TEC-5283-before-after-removing-html branch October 23, 2024 18:10