
clean & sanitize user input for date & number saving

Spreeuw committed Feb 13, 2019
1 parent 2689535 commit 684ae3dcc644b27638a29b38b1afd7191493dac3
Showing with 11 additions and 1 deletion.
  1. +11 −1 includes/class-wcpdf-admin.php
@@ -440,14 +440,24 @@ public function save_invoice_number_date($post_id) {
$date = $_POST['wcpdf_invoice_date'];
$hour = !empty( $_POST['wcpdf_invoice_date_hour'] ) ? $_POST['wcpdf_invoice_date_hour'] : '00';
$minute = !empty( $_POST['wcpdf_invoice_date_minute'] ) ? $_POST['wcpdf_invoice_date_minute'] : '00';
// clean & sanitize input
$date = date( 'Y-m-d', strtotime( $date ) );
$hour = sprintf('%02d', intval( $hour ));
$minute = sprintf('%02d', intval( $minute ) );
$invoice_date = "{$date} {$hour}:{$minute}:00";
// set date
$invoice->set_date( $invoice_date );
} elseif ( empty( $_POST['wcpdf_invoice_date'] ) && !empty( $_POST['_wcpdf_invoice_number'] ) ) {
$invoice->set_date( current_time( 'timestamp', true ) );
}
if ( isset( $_POST['_wcpdf_invoice_number'] ) ) {
$invoice->set_number( $_POST['_wcpdf_invoice_number'] );
// sanitize
$invoice_number = sanitize_text_field( $_POST['_wcpdf_invoice_number'] );
// set number
$invoice->set_number( $invoice_number );
}
$invoice->save();
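Review bot: The new normalisation line `$date = date( 'Y-m-d', strtotime( $date ) );` never checks the result of strtotime(), which returns false for unparsable input, so a malformed `wcpdf_invoice_date` is silently stored as 1970-01-01 instead of being rejected. The `intval()` calls coerce the hour and minute but do not bound them, so values such as 99 or -5 still reach `set_date()` inside the composed string. I would validate the timestamp and clamp both fields before building `$invoice_date`, as sketched below; skipping the update on a bad date is only one option, since how `set_date()` treats invalid strings is not visible here. The enclosing function and the `if` both start outside the hunk, so whether a nonce and capability check precede these `$_POST` reads cannot be confirmed from this page.

```php
// … unchanged: reading $date, $hour and $minute from $_POST …
// clean & sanitize input
$timestamp = strtotime( sanitize_text_field( wp_unslash( $date ) ) );
if ( false !== $timestamp ) {
    $date   = date( 'Y-m-d', $timestamp );
    $hour   = sprintf( '%02d', min( 23, max( 0, intval( $hour ) ) ) );
    $minute = sprintf( '%02d', min( 59, max( 0, intval( $minute ) ) ) );
    $invoice_date = "{$date} {$hour}:{$minute}:00";
    // set date
    $invoice->set_date( $invoice_date );
}
```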
