diff --git a/admin/class-nginx-helper-admin.php b/admin/class-nginx-helper-admin.php
index d94d86b9..a024e318 100644
--- a/admin/class-nginx-helper-admin.php
+++ b/admin/class-nginx-helper-admin.php
@@ -679,12 +679,20 @@ public function purge_all() {
global $nginx_purger, $wp;
- $method = filter_input( INPUT_SERVER, 'REQUEST_METHOD', FILTER_SANITIZE_STRING );
+ $method = null;
+ if ( isset( $_SERVER['REQUEST_METHOD'] ) ) {
+ $method = wp_strip_all_tags( $_SERVER['REQUEST_METHOD'] );
+ }
+ $action = '';
if ( 'POST' === $method ) {
- $action = filter_input( INPUT_POST, 'nginx_helper_action', FILTER_SANITIZE_STRING );
+ if ( isset( $_POST['nginx_helper_action'] ) ) {
+ $action = wp_strip_all_tags( $_POST['nginx_helper_action'] );
+ }
} else {
- $action = filter_input( INPUT_GET, 'nginx_helper_action', FILTER_SANITIZE_STRING );
+ if ( isset( $_GET['nginx_helper_action'] ) ) {
+ $action = wp_strip_all_tags( $_GET['nginx_helper_action'] );
+ }
}
if ( empty( $action ) ) {
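Review bot: The `wp_strip_all_tags()` calls on the new lines for `$_POST['nginx_helper_action']` and `$_GET['nginx_helper_action']` assume a string, but PHP turns a `name[]=...` query parameter into an array, and `wp_strip_all_tags()` passes its argument through to `strip_tags()`, which is a TypeError on PHP 8 (a warning on 7.x) — so a malformed request now aborts the handler instead of being treated as "no action". Guard the type alongside the `isset()`: `if ( isset( $_POST['nginx_helper_action'] ) && is_string( $_POST['nginx_helper_action'] ) ) {`, and the same for the GET branch. The `$_POST[ $val ]` loop added in admin/partials/nginx-helper-general-options.php in this commit has the same gap. purge_all() continues outside the hunk, so whatever nonce or capability check it performs on `$action` is not visible here.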
@@ -725,12 +733,12 @@ public function purge_all() {
if ( 'purge' === $action ) {
- /**
- * Fire an action after the entire cache has been purged whatever caching type is used.
- *
- * @since 2.2.2
- */
- do_action( 'rt_nginx_helper_after_purge_all' );
+ /**
+ * Fire an action after the entire cache has been purged whatever caching type is used.
+ *
+ * @since 2.2.2
+ */
+ do_action( 'rt_nginx_helper_after_purge_all' );
}
diff --git a/admin/partials/nginx-helper-admin-display.php b/admin/partials/nginx-helper-admin-display.php
index 175e3ed1..bd153714 100644
--- a/admin/partials/nginx-helper-admin-display.php
+++ b/admin/partials/nginx-helper-admin-display.php
@@ -25,7 +25,7 @@
';
diff --git a/admin/partials/nginx-helper-general-options.php b/admin/partials/nginx-helper-general-options.php
index 0dc388a4..87f2e32d 100644
--- a/admin/partials/nginx-helper-general-options.php
+++ b/admin/partials/nginx-helper-general-options.php
@@ -15,33 +15,39 @@
$error_log_filesize = false;
$args = array(
- 'enable_purge' => FILTER_SANITIZE_STRING,
- 'enable_stamp' => FILTER_SANITIZE_STRING,
- 'purge_method' => FILTER_SANITIZE_STRING,
- 'is_submit' => FILTER_SANITIZE_STRING,
- 'redis_hostname' => FILTER_SANITIZE_STRING,
- 'redis_port' => FILTER_SANITIZE_STRING,
- 'redis_prefix' => FILTER_SANITIZE_STRING,
- 'purge_homepage_on_edit' => FILTER_SANITIZE_STRING,
- 'purge_homepage_on_del' => FILTER_SANITIZE_STRING,
- 'purge_url' => FILTER_SANITIZE_STRING,
- 'log_level' => FILTER_SANITIZE_STRING,
- 'log_filesize' => FILTER_SANITIZE_STRING,
- 'smart_http_expire_save' => FILTER_SANITIZE_STRING,
- 'cache_method' => FILTER_SANITIZE_STRING,
- 'enable_map' => FILTER_SANITIZE_STRING,
- 'enable_log' => FILTER_SANITIZE_STRING,
- 'purge_archive_on_edit' => FILTER_SANITIZE_STRING,
- 'purge_archive_on_del' => FILTER_SANITIZE_STRING,
- 'purge_archive_on_new_comment' => FILTER_SANITIZE_STRING,
- 'purge_archive_on_deleted_comment' => FILTER_SANITIZE_STRING,
- 'purge_page_on_mod' => FILTER_SANITIZE_STRING,
- 'purge_page_on_new_comment' => FILTER_SANITIZE_STRING,
- 'purge_page_on_deleted_comment' => FILTER_SANITIZE_STRING,
- 'smart_http_expire_form_nonce' => FILTER_SANITIZE_STRING,
+ 'enable_purge',
+ 'enable_stamp',
+ 'purge_method',
+ 'is_submit',
+ 'redis_hostname',
+ 'redis_port',
+ 'redis_prefix',
+ 'purge_homepage_on_edit',
+ 'purge_homepage_on_del',
+ 'purge_url',
+ 'log_level',
+ 'log_filesize',
+ 'smart_http_expire_save',
+ 'cache_method',
+ 'enable_map',
+ 'enable_log',
+ 'purge_archive_on_edit',
+ 'purge_archive_on_del',
+ 'purge_archive_on_new_comment',
+ 'purge_archive_on_deleted_comment',
+ 'purge_page_on_mod',
+ 'purge_page_on_new_comment',
+ 'purge_page_on_deleted_comment',
+ 'smart_http_expire_form_nonce',
);
-$all_inputs = filter_input_array( INPUT_POST, $args );
+$all_inputs = array();
+
+foreach ( $args as $val ) {
+ if ( isset( $_POST[ $val ] ) ) {
+ $all_inputs[ $val ] = wp_strip_all_tags( $_POST[ $val ] );
+ }
+}
if ( isset( $all_inputs['smart_http_expire_save'] ) && wp_verify_nonce( $all_inputs['smart_http_expire_form_nonce'], 'smart-http-expire-form-nonce' ) ) {
unset( $all_inputs['smart_http_expire_save'] );
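Review bot: The replacement loop only populates `$all_inputs` with keys that were actually posted, whereas the removed `filter_input_array()` call returned every key in `$args` (null when absent), so `$all_inputs['smart_http_expire_form_nonce']` in the `wp_verify_nonce()` call on the following context line becomes an undefined-index read when a request carries `smart_http_expire_save` without the nonce field. Either preserve the old shape with `$all_inputs = array_fill_keys( $args, null );` before the loop (isset() on a null value stays false, matching the previous behaviour), or read the nonce with a default: `wp_verify_nonce( $all_inputs['smart_http_expire_form_nonce'] ?? '', 'smart-http-expire-form-nonce' )`. Any further `$all_inputs[...]` reads later in this file, outside the hunk, would need the same treatment.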
@@ -720,7 +726,7 @@
-
+