diff --git a/admin/rt-transcoder-handler.php b/admin/rt-transcoder-handler.php
index 6d00a33c..be2a8cea 100755
--- a/admin/rt-transcoder-handler.php
+++ b/admin/rt-transcoder-handler.php
@@ -319,7 +319,6 @@ public function get_thumbnails_required( $attachment_id = '' ) {
 $thumb_count = apply_filters( 'rt_media_total_video_thumbnails', $thumb_count, $attachment_id );
 return $thumb_count > 10 ? 10 : $thumb_count;
-
 }
 /**
@@ -489,8 +488,10 @@ public function save_api_key() {
 add_action( 'admin_notices', array( $this, 'public_host_needed_notice' ) );
 }
- $apikey = trim( transcoder_filter_input( INPUT_GET, 'apikey', FILTER_SANITIZE_STRING ) );
- $page = transcoder_filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING );
+ $filtered_apikey = transcoder_filter_input( INPUT_GET, 'apikey', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+ $apikey = ! empty( $filtered_apikey ) ? trim( $filtered_apikey ) : '';
+
+ $page = transcoder_filter_input( INPUT_GET, 'page', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
 if ( ! empty( $apikey ) && is_admin() && ! empty( $page ) && ( 'rt-transcoder' === $page ) ) {
 /* Do not activate transcoding service on localhost */
@@ -1332,14 +1333,12 @@ public function upload_dir( $upload_dir ) {
 $rtmedia_upload_prefix = 'groups/';
 $id = $this->uploaded['context_id'];
 }
- } else {
- if ( 'group' !== $rtmedia_interaction->context->type ) {
+ } elseif ( 'group' !== $rtmedia_interaction->context->type ) {
 $rtmedia_upload_prefix = 'users/';
 $id = $this->uploaded['media_author'];
- } else {
- $rtmedia_upload_prefix = 'groups/';
- $id = $rtmedia_interaction->context->id;
- }
+ } else {
+ $rtmedia_upload_prefix = 'groups/';
+ $id = $rtmedia_interaction->context->id;
 }
 if ( ! $id ) {
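Review bot: In `save_api_key()`, `FILTER_SANITIZE_FULL_SPECIAL_CHARS` HTML-encodes the `apikey` value (it acts like `htmlspecialchars()` with `ENT_QUOTES`), so an output-escaping step is being applied to an input that is then compared and presumably stored; a key containing `&`, quotes or angle brackets would be silently altered instead of rejected. Checking the key against its expected format, or normalising it with `sanitize_text_field()` and escaping only where it is printed, fits this input better. The condition below the change gates the key on `is_admin()` and the `page` value; `is_admin()` reports the kind of request, not the user's privileges, so a `current_user_can()` check and a nonce should guard this GET parameter in the part of `save_api_key()` that lies outside the hunk, which is worth confirming.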
@@ -1366,11 +1365,15 @@ public function upload_dir( $upload_dir ) {
 * @param string $message Email message.
 * @param boolean $include_admin If true then send an email to admin also else not.
 */
- public function send_notification( $email_ids = array(), $subject, $message, $include_admin = true ) {
+ public function send_notification( $email_ids, $subject, $message, $include_admin = true ) {
 if ( defined( 'RT_TRANSCODER_NO_MAIL' ) ) {
 return;
 }
+ if ( ! is_array( $email_ids ) ) {
+ $email_ids = array();
+ }
+
 if ( empty( $subject ) || empty( $message ) ) {
 return true;
 }
@@ -1629,7 +1632,6 @@ class_exists( 'ImagickPixel', false ) &&
 }
 $this->wp_media_transcoding( array( 'mime_type' => 'application/pdf' ), $post_id );
-
 }
 /**
diff --git a/inc/helpers/custom-functions.php b/inc/helpers/custom-functions.php
index 03d49364..36f1c885 100644
--- a/inc/helpers/custom-functions.php
+++ b/inc/helpers/custom-functions.php
@@ -21,7 +21,7 @@
 * @return mixed Value of the requested variable on success, FALSE if the filter fails, or NULL if the
 * variable_name variable is not set.
 */
-function transcoder_filter_input( $type, $variable_name, $filter = FILTER_DEFAULT, $options = null ) {
+function transcoder_filter_input( $type, $variable_name, $filter = FILTER_DEFAULT, $options = 0 ) {
 if ( php_sapi_name() !== 'cli' ) {
@@ -118,5 +118,4 @@ function transcoder_filter_input( $type, $variable_name, $filter = FILTER_DEFAUL
 // phpcs:enable WordPress.Security.NonceVerification.Recommended, WordPress.Security.NonceVerification.Missing, WordPressVIPMinimum.Variables.RestrictedVariables.cache_constraints___COOKIE
 return filter_var( $input, $filter );
-
 }
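Review bot: The new `is_array()` guard in `send_notification()` replaces any non-array `$email_ids` with an empty array, so a caller that passes one address as a string loses that recipient without any signal. `$email_ids = array_filter( (array) $email_ids );` keeps a single address and still maps `null`, `false` and `''` to an empty list. Dropping the default also makes `$email_ids` a required argument, which the docblock above the signature should state. The function body continues past the hunk, so whether each address is validated (for example with `is_email()`) before mailing cannot be seen here.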
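Review bot: `$options` gets a new default in the `transcoder_filter_input()` signature, but the function's last statement, visible as context in the final hunk of this file, is `return filter_var( $input, $filter );`, which never passes `$options` on. If that return is the fallback path, flags or option arrays supplied by a caller are ignored there, and a caller relying on them gets a differently filtered value than it asked for; `return filter_var( $input, $filter, $options );` would honour them. The body between the signature and that return is outside the diff, so how `$options` is used on the other path needs confirming, and the `@param` line for `$options` should say that `0` means no flags.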