From c1df116b37a0a66c27095a121f408e0676bb7251 Mon Sep 17 00:00:00 2001
From: Jason Cosper
Date: Thu, 5 Jan 2023 13:43:46 -0800
Subject: [PATCH] Escaping $_POST
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Implementing feedback from the WordPress Plugin Review Team, because I was sloppy. 🤦‍♂️
---
 biscotti.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/biscotti.php b/biscotti.php
index efec995..02080ab 100644
--- a/biscotti.php
+++ b/biscotti.php
@@ -67,7 +67,7 @@ function biscotti_login_cookie_expiration_form_fields_update( $user_id )
 if (! current_user_can('edit_user', $user_id) ) {
 return;
 }
- update_user_meta($user_id, 'biscotti_login_cookie_expiration', $_POST['biscotti_login_cookie_expiration']);
+ update_user_meta($user_id, 'biscotti_login_cookie_expiration', esc_attr($_POST['biscotti_login_cookie_expiration']));
 }

 // Save the chosen login cookie expiration date when the user profile is updated.
@@ -96,4 +96,4 @@ function biscotti_login_cookie_expiration_set_auth_cookie( $auth_cookie_data )
 }

 // Modify the expiration of the logged in user cookie when a user logs into the site.
-add_filter('auth_cookie_expiration', 'biscotti_login_cookie_expiration_set_auth_cookie', 10, 3);
\ No newline at end of file
+add_filter('auth_cookie_expiration', 'biscotti_login_cookie_expiration_set_auth_cookie', 10, 3);
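Review bot: `esc_attr()` on the new `update_user_meta()` line is an output-escaping helper for HTML attributes, not input validation, so the stored value is still whatever the client posted, only HTML-encoded. The hook names in this patch suggest the meta is later read back by the `auth_cookie_expiration` filter, so an unvalidated value could end up steering session lifetime; check it against the set of options the form actually offers (or cast with `absint()` and clamp to a maximum) before saving. At minimum, guard the missing key and sanitize on input: `if ( ! isset( $_POST['biscotti_login_cookie_expiration'] ) ) { return; }` followed by `update_user_meta($user_id, 'biscotti_login_cookie_expiration', sanitize_text_field(wp_unslash($_POST['biscotti_login_cookie_expiration'])));`. The function starts above the hunk, so a check earlier in the body is not visible here.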