sanitize
olafleur-godaddy committed Mar 15, 2022
1 parent 5da336d commit e8c9670
Showing 1 changed file with 10 additions and 6 deletions.
16 changes: 10 additions & 6 deletions includes/class-coblocks-block-assets.php
Expand Up @@ -524,27 +524,31 @@ protected function is_page_gutenberg() {

$admin_page = isset( $_SERVER['REQUEST_URI'] ) ? wp_basename( esc_url( filter_var( wp_unslash( $_SERVER['REQUEST_URI'] ), FILTER_SANITIZE_URL ) ) ) : false;

$post_type = sanitize_text_field( $_GET['post_type'] );
$post = sanitize_text_field( $_GET['post'] );
$revision = sanitize_text_field( $_GET['revision'] );

if ( ! $admin_page ) {
return false;
}

if ( false !== strpos( $admin_page, 'post-new.php' ) && empty( $_GET['post_type'] ) ) {
if ( false !== strpos( $admin_page, 'post-new.php' ) && empty( $post_type ) ) {
return true;
}

if ( false !== strpos( $admin_page, 'post-new.php' ) && isset( $_GET['post_type'] ) && $this->is_post_type_gutenberg( filter_input( INPUT_GET, wp_unslash( $_GET['post_type'] ), FILTER_SANITIZE_STRING ) ) ) {
if ( false !== strpos( $admin_page, 'post-new.php' ) && isset( $post_type ) && $this->is_post_type_gutenberg( filter_input( INPUT_GET, wp_unslash( $post_type ), FILTER_SANITIZE_STRING ) ) ) {
return true;
}

if ( false !== strpos( $admin_page, 'post.php' ) && isset( $_GET['post'] ) ) {
$wp_post = get_post( filter_input( INPUT_GET, wp_unslash( $_GET['post'] ), FILTER_SANITIZE_STRING ) );
if ( false !== strpos( $admin_page, 'post.php' ) && isset( $post ) ) {
$wp_post = get_post( filter_input( INPUT_GET, wp_unslash( $post ), FILTER_SANITIZE_STRING ) );
if ( isset( $wp_post ) && isset( $wp_post->post_type ) && $this->is_post_type_gutenberg( $wp_post->post_type ) ) {
return true;
}
}

if ( false !== strpos( $admin_page, 'revision.php' ) && isset( $_GET['revision'] ) ) {
$wp_post = get_post( filter_input( INPUT_GET, wp_unslash( $_GET['revision'] ), FILTER_SANITIZE_STRING ) );
if ( false !== strpos( $admin_page, 'revision.php' ) && isset( $revision ) ) {
$wp_post = get_post( filter_input( INPUT_GET, wp_unslash( $revision ), FILTER_SANITIZE_STRING ) );
$post_parent = get_post( $wp_post->post_parent );
if ( isset( $post_parent ) && isset( $post_parent->post_type ) && $this->is_post_type_gutenberg( $post_parent->post_type ) ) {
return true;
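Review bot: The three new assignments at the top read `$_GET['post_type']`, `$_GET['post']` and `$_GET['revision']` without an `isset()` check or `wp_unslash()`, and because `sanitize_text_field()` always returns a string, the later `isset( $post_type )`, `isset( $post )` and `isset( $revision )` guards are now always true and no longer test whether the parameter was sent. The `filter_input( INPUT_GET, …, FILTER_SANITIZE_STRING )` calls, carried over from the old code, pass the parameter's value where `filter_input()` expects the variable name, so `get_post()` most likely receives null rather than the requested ID, and the revision branch then reads `$wp_post->post_parent` without a null check. I would read each parameter once behind a presence check, cast the two IDs with `absint()`, pass them straight to `get_post()`, and drop `FILTER_SANITIZE_STRING`, which is deprecated since PHP 8.1. `is_page_gutenberg()` starts and ends outside the hunk.

```php
$post_type = isset( $_GET['post_type'] ) ? sanitize_text_field( wp_unslash( $_GET['post_type'] ) ) : '';
$post      = isset( $_GET['post'] ) ? absint( wp_unslash( $_GET['post'] ) ) : 0;
$revision  = isset( $_GET['revision'] ) ? absint( wp_unslash( $_GET['revision'] ) ) : 0;

// … unchanged: $admin_page check and the post-new.php branch without post_type …

if ( false !== strpos( $admin_page, 'post-new.php' ) && '' !== $post_type && $this->is_post_type_gutenberg( $post_type ) ) {
	return true;
}

if ( false !== strpos( $admin_page, 'post.php' ) && $post ) {
	$wp_post = get_post( $post );
	// … unchanged: post_type check on $wp_post …
}

if ( false !== strpos( $admin_page, 'revision.php' ) && $revision ) {
	$wp_post     = get_post( $revision );
	$post_parent = $wp_post ? get_post( $wp_post->post_parent ) : null;
	// … unchanged: post_type check on $post_parent …
```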