merge in 1.13.3

Author: tw2113

custom-post-type-ui.php

@@ -16,7 +16,7 @@
  * Plugin URI: https://github.com/WebDevStudios/custom-post-type-ui/
  * Description: Admin panel for creating custom post types and custom taxonomies in WordPress
  * Author: WebDevStudios
- * Version: 1.13.2
+ * Version: 1.13.3
  * Author URI: https://webdevstudios.com/
  * Text Domain: custom-post-type-ui
  * Domain Path: /languages
@@ -33,8 +33,8 @@
 	exit;
 }
 
-define( 'CPT_VERSION', '1.13.2' ); // Left for legacy purposes.
-define( 'CPTUI_VERSION', '1.13.2' );
+define( 'CPT_VERSION', '1.13.3' ); // Left for legacy purposes.
+define( 'CPTUI_VERSION', '1.13.3' );
 define( 'CPTUI_WP_VERSION', get_bloginfo( 'version' ) );
 
 /**

inc/post-types.php

@@ -2030,6 +2030,10 @@ function cptui_update_post_type( $data = [] ) {
 		$data['cpt_supports'] = [];
 	}
 
+	if ( empty( $data['cpt_labels'] ) || ! is_array( $data['cpt_labels'] ) ) {
+		$data['cpt_labels'] = [];
+	}
+
 	foreach ( $data['cpt_labels'] as $key => $label ) {
 		if ( empty( $label ) ) {
 			unset( $data['cpt_labels'][ $key ] );
@@ -2045,8 +2049,9 @@ function cptui_update_post_type( $data = [] ) {
 		}
 	}
 
-	if ( empty( $data['cpt_custom_post_type']['menu_icon'] ) ) {
-		$data['cpt_custom_post_type']['menu_icon'] = null;
+	$menu_icon = trim( $data['cpt_custom_post_type']['menu_icon'] );
+	if ( '' === $data['cpt_custom_post_type']['menu_icon'] ) {
+		$menu_icon = null;
 	}
 
 	$register_meta_box_cb = trim( $data['cpt_custom_post_type']['register_meta_box_cb'] );
@@ -2081,7 +2086,6 @@ function cptui_update_post_type( $data = [] ) {
 	$query_var_slug        = trim( $data['cpt_custom_post_type']['query_var_slug'] );
 	$menu_position         = trim( $data['cpt_custom_post_type']['menu_position'] );
 	$show_in_menu_string   = trim( $data['cpt_custom_post_type']['show_in_menu_string'] );
-	$menu_icon             = trim( $data['cpt_custom_post_type']['menu_icon'] );
 	$custom_supports       = trim( $data['cpt_custom_post_type']['custom_supports'] );
 	$enter_title_here      = trim( $data['cpt_custom_post_type']['enter_title_here'] );
 
@@ -2347,7 +2351,7 @@ function cptui_process_post_type() {
 		} elseif ( isset( $_POST['cpt_delete'] ) ) {
 			check_admin_referer( 'cptui_addedit_post_type_nonce_action', 'cptui_addedit_post_type_nonce_field' );
 
-			$filtered_data = filter_input( INPUT_POST, 'cpt_custom_post_type', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+			$filtered_data = filter_input( INPUT_POST, 'cpt_custom_post_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY );
 			$result        = cptui_delete_post_type( $filtered_data );
 			add_filter( 'cptui_post_type_deleted', '__return_true' );
 		}
@@ -2390,8 +2394,8 @@ function cptui_do_convert_post_type_posts() {
 	if ( apply_filters( 'cptui_convert_post_type_posts', false ) ) {
 		check_admin_referer( 'cptui_addedit_post_type_nonce_action', 'cptui_addedit_post_type_nonce_field' );
 
-		$original = filter_input( INPUT_POST, 'cpt_original', FILTER_SANITIZE_STRING );
-		$new      = filter_input( INPUT_POST, 'cpt_custom_post_type', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+		$original = filter_input( INPUT_POST, 'cpt_original', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+		$new      = filter_input( INPUT_POST, 'cpt_custom_post_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY );
 
 		// Return early if either fails to successfully validate.
 		if ( ! $original || ! $new ) {
@@ -2451,7 +2455,7 @@ function cptui_filtered_post_type_post_global() {
 
 	$items_arrays = array_merge( $default_arrays, $third_party_items_arrays );
 	foreach ( $items_arrays as $item ) {
-		$first_result = filter_input( INPUT_POST, $item, FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+		$first_result = filter_input( INPUT_POST, $item, FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY );
 
 		if ( $first_result ) {
 			$filtered_data[ $item ] = $first_result;
@@ -2471,7 +2475,7 @@ function cptui_filtered_post_type_post_global() {
 	$items_string = array_merge( $default_strings, $third_party_items_strings );
 
 	foreach ( $items_string as $item ) {
-		$second_result = filter_input( INPUT_POST, $item, FILTER_SANITIZE_STRING );
+		$second_result = filter_input( INPUT_POST, $item, FILTER_SANITIZE_FULL_SPECIAL_CHARS );
 		if ( $second_result ) {
 			$filtered_data[ $item ] = $second_result;
 		}

inc/taxonomies.php

@@ -1620,6 +1620,10 @@ function cptui_update_taxonomy( $data = [] ) {
 		return 'error';
 	}
 
+	if ( empty( $data['cpt_tax_labels'] ) || ! is_array( $data['cpt_tax_labels'] ) ) {
+		$data['cpt_tax_labels'] = [];
+	}
+
 	foreach ( $data['cpt_tax_labels'] as $key => $label ) {
 		if ( empty( $label ) ) {
 			unset( $data['cpt_tax_labels'][ $key ] );
@@ -1972,7 +1976,7 @@ function cptui_process_taxonomy() {
 		} elseif ( isset( $_POST['cpt_delete'] ) ) {
 			check_admin_referer( 'cptui_addedit_taxonomy_nonce_action', 'cptui_addedit_taxonomy_nonce_field' );
 
-			$filtered_data = filter_input( INPUT_POST, 'cpt_custom_tax', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+			$filtered_data = filter_input( INPUT_POST, 'cpt_custom_tax', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY );
 			$result        = cptui_delete_taxonomy( $filtered_data );
 			add_filter( 'cptui_taxonomy_deleted', '__return_true' );
 		}
@@ -2012,8 +2016,8 @@ function cptui_do_convert_taxonomy_terms() {
 	if ( apply_filters( 'cptui_convert_taxonomy_terms', false ) ) {
 		check_admin_referer( 'cptui_addedit_taxonomy_nonce_action', 'cptui_addedit_taxonomy_nonce_field' );
 
-		$original = filter_input( INPUT_POST, 'tax_original', FILTER_SANITIZE_STRING );
-		$new      = filter_input( INPUT_POST, 'cpt_custom_tax', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+		$original = filter_input( INPUT_POST, 'tax_original', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+		$new      = filter_input( INPUT_POST, 'cpt_custom_tax', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY );
 
 		// Return early if either fails to successfully validate.
 		if ( ! $original || ! $new ) {
@@ -2058,28 +2062,40 @@ function cptui_updated_taxonomy_slug_exists( $slug_exists, $taxonomy_slug = '',
 function cptui_filtered_taxonomy_post_global() {
 	$filtered_data = [];
 
-	foreach (
-		[
-			'cpt_custom_tax',
-			'cpt_tax_labels',
-			'cpt_post_types',
-			'update_taxonomy',
-		 ] as $item
-	) {
-		$first_result = filter_input( INPUT_POST, $item, FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+	$default_arrays = [
+		'cpt_custom_tax',
+		'cpt_tax_labels',
+		'cpt_post_types',
+		'update_taxonomy',
+	];
+
+	$third_party_items_arrays = apply_filters(
+		'cptui_filtered_taxonomy_post_global_arrays',
+		(array) [] // phpcs:ignore.
+	);
+
+	$items_arrays = array_merge( $default_arrays, $third_party_items_arrays );
+	foreach ( $items_arrays as $item ) {
+		$first_result = filter_input( INPUT_POST, $item, FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY );
 
 		if ( $first_result ) {
 			$filtered_data[ $item ] = $first_result;
 		}
 	}
 
-	foreach (
-		[
-			'tax_original',
-			'cpt_tax_status',
-		 ] as $item
-	) {
-		$second_result = filter_input( INPUT_POST, $item, FILTER_SANITIZE_STRING );
+	$default_strings = [
+		'tax_original',
+		'cpt_tax_status',
+	];
+
+	$third_party_items_strings = apply_filters(
+		'cptui_filtered_taxonomy_post_global_strings',
+		(array) [] // phpcs:ignore.
+	);
+
+	$items_strings = array_merge( $default_strings, $third_party_items_strings );
+	foreach ( $items_strings as $item ) {
+		$second_result = filter_input( INPUT_POST, $item, FILTER_SANITIZE_FULL_SPECIAL_CHARS );
 		if ( $second_result ) {
 			$filtered_data[ $item ] = $second_result;
 		}

inc/utility.php

@@ -593,14 +593,14 @@ function cptui_admin_notices_helper( $message = '', $success = true ) {
  */
 function cptui_get_object_from_post_global() {
 	if ( isset( $_POST['cpt_custom_post_type']['name'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification
-		$type_item = filter_input( INPUT_POST, 'cpt_custom_post_type', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+		$type_item = filter_input( INPUT_POST, 'cpt_custom_post_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY );
 		if ( $type_item ) {
 			return sanitize_text_field( $type_item['name'] );
 		}
 	}
 
 	if ( isset( $_POST['cpt_custom_tax']['name'] ) ) { // phpcs:ignore WordPress.Security.NonceVerification
-		$tax_item = filter_input( INPUT_POST, 'cpt_custom_tax', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY );
+		$tax_item = filter_input( INPUT_POST, 'cpt_custom_tax', FILTER_SANITIZE_FULL_SPECIAL_CHARS, FILTER_REQUIRE_ARRAY );
 		if ( $tax_item ) {
 			return sanitize_text_field( $tax_item['name'] );
 		}

readme.txt

@@ -4,7 +4,7 @@ Donate link: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_i
 Tags: custom post types, CPT, CMS, post, types, post type, taxonomy, tax, custom, content types, post types
 Requires at least: 5.9
 Tested up to: 6.1.1
-Stable tag: 1.13.2
+Stable tag: 1.13.3
 License: GPL-2.0+
 Requires PHP: 5.6
 
@@ -36,6 +36,11 @@ Custom Post Type UI development is managed on GitHub, with official releases pub
 
 == Changelog ==
 
+= 1.13.3 - 2022-12-15 =
+* Fixed: Multiple PHP8 compatibility notices and warnings.
+* Fixed: "Invalid argument for foreach" based notices around labels.
+* Updated: Added taxonomy PHP global sanitization for 3rd party parameters.
+
 = 1.13.2 - 2022-11-29 =
 * Fixed: Removed forcing of underscores in place of dashes for taxonomy slugs. Yay!
 * Updated: tested up to WP 6.1.1
@@ -83,6 +88,11 @@ Custom Post Type UI development is managed on GitHub, with official releases pub
 
 == Upgrade Notice ==
 
+= 1.13.3 - 2022-12-15 =
+* Fixed: Multiple PHP8 compatibility notices and warnings.
+* Fixed: "Invalid argument for foreach" based notices around labels.
+* Updated: Added taxonomy PHP global sanitization for 3rd party parameters.
+
 = 1.13.2 - 2022-11-29 =
 * Fixed: Removed forcing of underscores in place of dashes for taxonomy slugs. Yay!
 * Updated: tested up to WP 6.1.1