WordPress Plugin Reviewer

When you include POST/GET/REQUEST/FILE calls in your plugin, it’s important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.

My code is:

// set options
public function set_options() {

$nonce = ‘kfw_options_nonce’. $this->unique;

if( isset( $_POST[$nonce] ) && wp_verify_nonce( $_POST[$nonce], ‘kfw_options_nonce’ ) ) {

$request = ( ! empty( $_POST[$this->unique] ) ) ? $_POST[$this->unique] : array();
$transient = ( ! empty( $_POST[‘kfw_transient’] ) ) ? $_POST[‘kfw_transient’] : array();
$section_id = ( ! empty( $transient[‘section’] ) ) ? $transient[‘section’] : ”;

// import data
if( ! empty( $transient[‘kfw_import_data’] ) ) {

$import_data = json_decode( stripslashes( trim( $transient[‘kfw_import_data’] ) ), true );
$request = ( is_array( $import_data ) ) ? $import_data : array();

$this->notice = esc_html__( ‘Success. Imported backup options.’, ‘kfw’ );

} else if( ! empty( $transient[‘reset’] ) ) {

foreach( $this->pre_fields as $field ) {
if( ! empty( $field[‘id’] ) ) {
$request[$field[‘id’]] = $this->get_default( $field );
}
}

$this->notice = esc_html__( ‘Default options restored.’, ‘kfw’ );

} else if( ! empty( $transient[‘reset_section’] ) && ! empty( $section_id ) ) {

if( ! empty( $this->pre_sections[$section_id-1][‘fields’] ) ) {

foreach( $this->pre_sections[$section_id-1][‘fields’] as $field ) {
if( ! empty( $field[‘id’] ) ) {
$request[$field[‘id’]] = $this->get_default( $field );
}
}

}

$this->notice = esc_html__( ‘Default options restored for only this section.’, ‘kfw’ );

}

Read more here: WordPress Plugin Reviewer
