Correction des failles de sécurités
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
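Review bot: Nothing in this hunk shows a capability or nonce check before `update_user_meta()` runs, so sanitising the value does not by itself settle who may write these keys for `$user_id`. The enclosing method starts above the hunk; if it is hooked to a profile-save action, confirm it begins with something like `if ( ! current_user_can( 'edit_user', $user_id ) ) { return; }` and that the form's nonce is verified. Separately, `sanitize_text_field()` collapses line breaks, so any multi-line entry in `$custom_fields_register` would need `sanitize_textarea_field()` instead. The pager repeats this hunk further down the page, and the note applies to each copy.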
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
diff --git a/public/class-belead_formations-public.php b/public/class-belead_formations-public.php
index c718a8b..73d6919 100644
--- a/public/class-belead_formations-public.php
+++ b/public/class-belead_formations-public.php
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
diff --git a/public/class-belead_formations-public.php b/public/class-belead_formations-public.php
index c718a8b..73d6919 100644
--- a/public/class-belead_formations-public.php
+++ b/public/class-belead_formations-public.php
@@ -107,6 +107,7 @@ class Belead_formations_Public
function locate_template($template, $settings, $page_type)
{
+ $settings['custom'] = sanitize_text_field($settings['custom']);
$theme_files = array(
$page_type . '-' . $settings['custom'] . '.php',
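Review bot: `sanitize_text_field()` cleans text for display and storage but is not a path filter: it leaves `/`, `\` and `..` in place, so `$settings['custom']` can still steer the file name built on the following lines outside the intended directory. For a value that becomes part of `$page_type . '-' . … . '.php'`, use `sanitize_file_name()` or `sanitize_key()`, or better still check it against the list of registered custom types. The same applies to `$settings['templates_dir']` in the `-116,17` hunk, which is joined under `WP_PLUGIN_DIR` with no filtering at all. Where `$settings` comes from is not visible here, so treat both keys as untrusted until shown otherwise. The added line also reads `$settings['custom']` without an `isset()` guard.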
@@ -116,17 +117,11 @@ class Belead_formations_Public
$exists_in_theme = locate_template($theme_files, false);
if ($exists_in_theme != '') {
-
- // Try to locate in theme first
return $template;
} else {
-
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
diff --git a/public/class-belead_formations-public.php b/public/class-belead_formations-public.php
index c718a8b..73d6919 100644
--- a/public/class-belead_formations-public.php
+++ b/public/class-belead_formations-public.php
@@ -107,6 +107,7 @@ class Belead_formations_Public
function locate_template($template, $settings, $page_type)
{
+ $settings['custom'] = sanitize_text_field($settings['custom']);
$theme_files = array(
$page_type . '-' . $settings['custom'] . '.php',
@@ -116,17 +117,11 @@ class Belead_formations_Public
$exists_in_theme = locate_template($theme_files, false);
if ($exists_in_theme != '') {
return $template;
} else {
$locations = array(
join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, '')),
- join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')), //plugin $settings['templates'] folder
+ join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')),
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
diff --git a/public/class-belead_formations-public.php b/public/class-belead_formations-public.php
index c718a8b..73d6919 100644
--- a/public/class-belead_formations-public.php
+++ b/public/class-belead_formations-public.php
@@ -107,6 +107,7 @@ class Belead_formations_Public
function locate_template($template, $settings, $page_type)
{
+ $settings['custom'] = sanitize_text_field($settings['custom']);
$theme_files = array(
$page_type . '-' . $settings['custom'] . '.php',
@@ -116,17 +117,11 @@ class Belead_formations_Public
$exists_in_theme = locate_template($theme_files, false);
if ($exists_in_theme != '') {
return $template;
} else {
$locations = array(
join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, '')),
- join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')), //plugin $settings['templates'] folder
+ join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')),
);
foreach ($locations as $location) {
@@ -135,6 +130,7 @@ class Belead_formations_Public
}
}
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
diff --git a/public/class-belead_formations-public.php b/public/class-belead_formations-public.php
index c718a8b..73d6919 100644
--- a/public/class-belead_formations-public.php
+++ b/public/class-belead_formations-public.php
@@ -107,6 +107,7 @@ class Belead_formations_Public
function locate_template($template, $settings, $page_type)
{
+ $settings['custom'] = sanitize_text_field($settings['custom']);
$theme_files = array(
$page_type . '-' . $settings['custom'] . '.php',
@@ -116,17 +117,11 @@ class Belead_formations_Public
$exists_in_theme = locate_template($theme_files, false);
if ($exists_in_theme != '') {
return $template;
} else {
$locations = array(
join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, '')),
- join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')), //plugin $settings['templates'] folder
+ join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')),
);
foreach ($locations as $location) {
@@ -135,6 +130,7 @@ class Belead_formations_Public
}
}
+ error_log("Template not found for custom post type: " . $settings['custom']);
return $template;
}
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
diff --git a/public/class-belead_formations-public.php b/public/class-belead_formations-public.php
index c718a8b..73d6919 100644
--- a/public/class-belead_formations-public.php
+++ b/public/class-belead_formations-public.php
@@ -107,6 +107,7 @@ class Belead_formations_Public
function locate_template($template, $settings, $page_type)
{
+ $settings['custom'] = sanitize_text_field($settings['custom']);
$theme_files = array(
$page_type . '-' . $settings['custom'] . '.php',
@@ -116,17 +117,11 @@ class Belead_formations_Public
$exists_in_theme = locate_template($theme_files, false);
if ($exists_in_theme != '') {
return $template;
} else {
$locations = array(
join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, '')),
- join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')), //plugin $settings['templates'] folder
+ join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')),
);
foreach ($locations as $location) {
@@ -135,6 +130,7 @@ class Belead_formations_Public
}
}
+ error_log("Template not found for custom post type: " . $settings['custom']);
return $template;
}
}
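Review bot: The added `error_log()` runs on every call that falls through without finding a template, which may be the normal path for post types that have no custom template, and it writes a possibly request-influenced value to the server log. Consider gating it, e.g. `if ( defined( 'WP_DEBUG' ) && WP_DEBUG ) { error_log( … ); }`. The message is free of line breaks only because `$settings['custom']` was passed through `sanitize_text_field()` at the top of the function, which starts outside this hunk. A short comment saying so would help keep a later refactor from reintroducing log-line injection.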
@@ -143,44 +139,36 @@ class Belead_formations_Public
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
diff --git a/public/class-belead_formations-public.php b/public/class-belead_formations-public.php
index c718a8b..73d6919 100644
--- a/public/class-belead_formations-public.php
+++ b/public/class-belead_formations-public.php
@@ -107,6 +107,7 @@ class Belead_formations_Public
function locate_template($template, $settings, $page_type)
{
+ $settings['custom'] = sanitize_text_field($settings['custom']);
$theme_files = array(
$page_type . '-' . $settings['custom'] . '.php',
@@ -116,17 +117,11 @@ class Belead_formations_Public
$exists_in_theme = locate_template($theme_files, false);
if ($exists_in_theme != '') {
return $template;
} else {
$locations = array(
join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, '')),
- join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')), //plugin $settings['templates'] folder
+ join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')),
);
foreach ($locations as $location) {
@@ -135,6 +130,7 @@ class Belead_formations_Public
}
}
+ error_log("Template not found for custom post type: " . $settings['custom']);
return $template;
}
}
@@ -143,44 +139,36 @@ class Belead_formations_Public
function register_rest_routes()
{
diff --git a/admin/class-belead_formations-admin.php b/admin/class-belead_formations-admin.php
index a69cc67..3dce7b6 100644
--- a/admin/class-belead_formations-admin.php
+++ b/admin/class-belead_formations-admin.php
@@ -826,7 +826,9 @@ class Belead_formations_Admin {
}
foreach($custom_fields_register as $cfr) {
- update_user_meta( $user_id, $cfr, $_POST[$cfr] );
+ if (isset($_POST[$cfr])) {
+ update_user_meta( $user_id, $cfr, sanitize_text_field($_POST[$cfr]) );
+ }
}
}
diff --git a/public/class-belead_formations-public.php b/public/class-belead_formations-public.php
index c718a8b..73d6919 100644
--- a/public/class-belead_formations-public.php
+++ b/public/class-belead_formations-public.php
@@ -107,6 +107,7 @@ class Belead_formations_Public
function locate_template($template, $settings, $page_type)
{
+ $settings['custom'] = sanitize_text_field($settings['custom']);
$theme_files = array(
$page_type . '-' . $settings['custom'] . '.php',
@@ -116,17 +117,11 @@ class Belead_formations_Public
$exists_in_theme = locate_template($theme_files, false);
if ($exists_in_theme != '') {
return $template;
} else {
$locations = array(
join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, '')),
- join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')), //plugin $settings['templates'] folder
+ join(DIRECTORY_SEPARATOR, array(WP_PLUGIN_DIR, $this->plugin_name, $settings['templates_dir'], '')),
);
foreach ($locations as $location) {
@@ -135,6 +130,7 @@ class Belead_formations_Public
}
}
+ error_log("Template not found for custom post type: " . $settings['custom']);
return $template;
}
}
@@ -143,44 +139,36 @@ class Belead_formations_Public
function register_rest_routes()
{
-
:```