Escaping $_POST

Implementing feedback from the WordPress Plugin Review Team, because I was sloppy. 🤦‍♂️
2023-01-05 13:43:46 -08:00 · 2023-01-05 13:43:46 -08:00 · c1df116b37
commit c1df116b37
parent d157b1fb26
1 changed files with 2 additions and 2 deletions
--- a/biscotti.php
+++ b/biscotti.php
@ -67,7 +67,7 @@ function biscotti_login_cookie_expiration_form_fields_update( $user_id )
    if (! current_user_can('edit_user', $user_id) ) {
        return;
    }
-    update_user_meta($user_id, 'biscotti_login_cookie_expiration', $_POST['biscotti_login_cookie_expiration']);
+    update_user_meta($user_id, 'biscotti_login_cookie_expiration', esc_attr($_POST['biscotti_login_cookie_expiration']));
 }

 // Save the chosen login cookie expiration date when the user profile is updated.
@ -96,4 +96,4 @@ function biscotti_login_cookie_expiration_set_auth_cookie( $auth_cookie_data )
 }

 // Modify the expiration of the logged in user cookie when a user logs into the site.
-add_filter('auth_cookie_expiration', 'biscotti_login_cookie_expiration_set_auth_cookie', 10, 3);
+add_filter('auth_cookie_expiration', 'biscotti_login_cookie_expiration_set_auth_cookie', 10, 3);