Replaced the deprecated FILTER_SANITIZE_STRING with sanitize_text_field

Resolves #387
@polevaultweb

includes/actions.php

@@ -385,8 +385,8 @@ function wpum_complete_setup() {
 function wpum_prevent_wp_login() {
 	global $pagenow;
 
-	$action        = filter_input( INPUT_GET, 'action', FILTER_SANITIZE_STRING );
-	$wpum_override = filter_input( INPUT_GET, 'wpum_override' );
+	$action        = sanitize_text_field( $_GET['action'] );
+	$wpum_override = sanitize_text_field( $_GET['wpum_override'] );
 
 	if ( $pagenow && 'wp-login.php' === $pagenow && ! $wpum_override && ( ! $action || ( ! in_array( $action, array( 'logout', 'lostpassword', 'rp', 'resetpass', 'postpass' ), true ) ) ) ) {
 		$page = wp_login_url();
@@ -963,7 +963,7 @@ function validate_user_meta_key() {
 
 
 add_action( 'the_content', function( $content ) {
-	$registration = filter_input( INPUT_GET, 'registration', FILTER_SANITIZE_STRING );
+	$registration = sanitize_text_field( $_GET['registration'] ?? '' );
 	if ( empty( $registration ) || 'success' !== $registration ) {
 		return $content;
 	}

includes/admin/class-wpum-permalinks-settings.php

@@ -119,7 +119,7 @@ public function save_structure() {
 		}
 
 		// Check that the saved permalink method is one of the registered structures.
-		$user_permalink = filter_input( INPUT_POST, 'user_permalink', FILTER_SANITIZE_STRING );
+		$user_permalink = sanitize_text_field( $_POST['user_permalink'] ?? '' );
 		if ( array_key_exists( $user_permalink, wpum_get_permalink_structures() ) ) {
 			$user_permalink = sanitize_text_field( $user_permalink );
 			update_option( 'wpum_permalink', $user_permalink );

includes/admin/class-wpum-plugin-updates.php

@@ -652,7 +652,7 @@ public function migrate_directories() {
 	 * @return void
 	 */
 	public function upgrade() {
-		$update_version = filter_input( INPUT_GET, 'wpum-plugin-updates', FILTER_SANITIZE_STRING );
+		$update_version = sanitize_text_field( $_GET['wpum-plugin-updates'] ?? '' );
 
 		if ( 'v202' === $update_version && current_user_can( 'manage_options' ) && ! get_option( 'v202_upgrade' ) ) {
 

includes/class-wp-user-manager.php

@@ -386,7 +386,7 @@ private function includes() {
 
 			require_once WPUM_PLUGIN_DIR . 'includes/install.php';
 
-			$email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_SANITIZE_STRING );
+			$email_customizer = sanitize_text_field( $_GET['wpum_email_customizer'] ?? '' );
 			if ( defined( 'DOING_AJAX' ) || 'true' === $email_customizer ) {
 				require_once WPUM_PLUGIN_DIR . 'includes/emails/class-wpum-emails-customizer-scripts.php';
 				require_once WPUM_PLUGIN_DIR . 'includes/emails/class-wpum-emails-customizer.php';

includes/emails/class-wpum-emails-customizer-scripts.php

@@ -57,7 +57,7 @@ public function customize_preview() {
 	 * @return void
 	 */
 	public function customize_controls() {
-		$selected_email_id = filter_input( INPUT_GET, 'email', FILTER_SANITIZE_STRING );
+		$selected_email_id = sanitize_text_field( $_GET['email'] ?? '' );
 
 		wp_enqueue_editor();
 		wp_enqueue_script( 'wpum-email-customize-controls', WPUM_PLUGIN_URL . 'assets/js/admin/admin-email-customizer-controls.min.js', array( 'customize-controls' ), WPUM_VERSION, true );

includes/emails/class-wpum-emails-customizer.php

@@ -80,7 +80,7 @@ private function includes() {
 	 * @return bool
 	 */
 	public function remove_sections( $active, $section ) {
-		$wpum_email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_SANITIZE_STRING );
+		$wpum_email_customizer = sanitize_text_field( $_GET['wpum_email_customizer'] ?? '' );
 
 		// Bail if not our customizer.
 		if ( empty( $wpum_email_customizer ) ) {
@@ -112,7 +112,7 @@ public function remove_sections( $active, $section ) {
 	 * @return bool
 	 */
 	public function remove_panels( $active, $panel ) {
-		$wpum_email_customizer = filter_input( INPUT_GET, 'wpum_email_customizer', FILTER_SANITIZE_STRING );
+		$wpum_email_customizer = sanitize_text_field( $_GET['wpum_email_customizer'] ?? '' );
 
 		if ( empty( $wpum_email_customizer ) ) {
 			return true;
@@ -124,7 +124,9 @@ public function remove_panels( $active, $panel ) {
 			foreach ( wpum_get_registered_emails() as $email_id => $registered_email ) {
 				$panels[] = $email_id;
 			}
-			if ( in_array( $panel->id, $panels, true ) && filter_input( INPUT_GET, 'email', FILTER_SANITIZE_STRING ) === $panel->id ) {
+
+			$email_id = sanitize_text_field( $_GET['email'] ?? '' );
+			if ( in_array( $panel->id, $panels, true ) && $email_id === $panel->id ) {
 				return true;
 			}
 			return false;
@@ -283,11 +285,9 @@ private function get_default( $email_id, $field = false ) {
 	 * @return void
 	 */
 	public function customizer_setup_preview() {
-		$email = filter_input( INPUT_GET, 'email', FILTER_SANITIZE_STRING );
-
-		if ( is_customize_preview() && $email ) {
+		$email_id = sanitize_text_field( $_GET['email'] ?? '' );
 
-			$email_id = sanitize_text_field( $email );
+		if ( is_customize_preview() && $email_id ) {
 
 			WPUM()->templates
 				->set_template_data( array(

includes/emails/class-wpum-emails-list.php

@@ -57,7 +57,7 @@ public function setup_menu_page() {
 	 * @return void
 	 */
 	public function load_scripts() {
-		$page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING );
+		$page = sanitize_text_field( $_GET['page'] ?? '' );
 
 		if ( 'wpum-emails' === $page ) {
 
@@ -155,8 +155,8 @@ public function wpum_enabled_email() {
 
 		check_ajax_referer( 'wpum_test_email', 'nonce' );
 
-		$enabled = filter_input( INPUT_POST, 'enabled', FILTER_SANITIZE_STRING );
-		$key     = filter_input( INPUT_POST, 'key', FILTER_SANITIZE_STRING );
+		$enabled = sanitize_text_field( $_POST['enabled'] ?? '' );
+		$key     = sanitize_text_field( $_POST['key'] ?? '' );
 
 		if ( ! empty( $key ) && current_user_can( apply_filters( 'wpum_admin_pages_capability', 'manage_options' ) ) && is_admin() ) {
 			$emails                    = wpum_get_emails();

includes/fields/types/class-wpum-field-userrole.php

@@ -49,7 +49,7 @@ public function get_posted_field( $key, $field ) {
 			return isset( $_POST[ $key ] ) ? array_map( 'sanitize_text_field', $_POST[ $key ] ) : array(); // phpcs:ignore
 		}
 
-		return filter_input( INPUT_POST, $key, FILTER_SANITIZE_STRING );
+		return sanitize_text_field( $_POST[ $key ] ?? '' );
 	}
 
 	/**

includes/forms/class-wpum-form-password-recovery.php

@@ -313,7 +313,7 @@ public function reset() {
 		$this->init_fields();
 
 		$cookie_key = self::get_cookie();
-		$cookie     = filter_input( INPUT_COOKIE, $cookie_key, FILTER_SANITIZE_STRING );
+		$cookie     = sanitize_text_field( $_COOKIE[ $cookie_key ] ?? '' );
 
 		if ( $cookie && 0 < strpos( $cookie, ':' ) ) {
 			list( $rp_login, $verification_key ) = explode( ':', wp_unslash( $cookie ), 2 );
@@ -421,8 +421,7 @@ public function reset_handler() {
 			$password_2 = $values['password']['password_2'];
 
 			$cookie_key = self::get_cookie();
-			$cookie     = filter_input( INPUT_COOKIE, $cookie_key, FILTER_SANITIZE_STRING );
-
+			$cookie     = sanitize_text_field( $_COOKIE[ $cookie_key ] ?? '' );
 			if ( $cookie && 0 < strpos( $cookie, ':' ) ) {
 				list( $rp_login, $verification_key ) = explode( ':', wp_unslash( $cookie ), 2 );
 

includes/forms/class-wpum-form-password.php

@@ -244,8 +244,7 @@ public function submit_handler() {
 
 				$active_tab = get_query_var( 'tab' );
 				if ( empty( $active_tab ) ) {
-					$tab = filter_input( INPUT_GET, 'tab', FILTER_SANITIZE_STRING );
-
+					$tab = sanitize_text_field( $_GET['tab'] ?? '' );
 					$active_tab = $tab ? $tab : 'password';
 				}
 				$redirect = get_permalink();

includes/forms/class-wpum-registration-forms-editor.php

@@ -236,8 +236,8 @@ public function update_form() {
 		}
 
 		$form_id   = filter_input( INPUT_POST, 'form_id', FILTER_VALIDATE_INT );
-		$form_name = filter_input( INPUT_POST, 'form_name', FILTER_SANITIZE_STRING );
-		$form_name = $form_name ? sanitize_text_field( $form_name ) : false;
+		$form_name = sanitize_text_field( $_POST['form_name'] ?? '' );
+		$form_name = $form_name ? $form_name : false;
 
 		if ( $form_id && $form_name ) {
 

includes/integrations/elementor/class-wpum-elementor-loader.php

@@ -41,9 +41,9 @@ public function init() {
 		add_filter( 'elementor/widget/render_content', array( $this, 'wpum_restrict_widget_content' ), 10, 2 );
 
 		add_filter( 'wpum_shortcode_logged_in_override', function ( $override ) {
-			$post       = filter_input( INPUT_GET, 'post', FILTER_SANITIZE_STRING );
-			$elementor1 = filter_input( INPUT_GET, 'elementor', FILTER_SANITIZE_STRING );
-			$elementor2 = 'elementor' === filter_input( INPUT_GET, 'action', FILTER_SANITIZE_STRING );
+			$post       = sanitize_text_field( $_GET['post'] ?? '' );
+			$elementor1 = sanitize_text_field( $_GET['elementor'] ?? '' );
+			$elementor2 = 'elementor' === sanitize_text_field( $_GET['action'] ?? '' );
 
 			if ( ! empty( $post ) && ( ! empty( $elementor1 ) || $elementor2 ) ) {
 				return true;

includes/integrations/stripe/Account.php

@@ -254,7 +254,7 @@ public function handle_download_invoice() {
 	 * @throws \Stripe\Exception\ApiErrorException
 	 */
 	public function handle_manage_billing() {
-		$nonce = filter_input( INPUT_POST, 'nonce', FILTER_SANITIZE_STRING );
+		$nonce = sanitize_text_field( $_POST['nonce'] ?? '' );
 
 		if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'wpum-stripe-manage-billing' ) ) {
 			wp_send_json_error( __( 'Unknown Error', 'wp-user-manager' ) );
@@ -279,13 +279,13 @@ public function handle_manage_billing() {
 	 * Handle checkout
 	 */
 	public function handle_checkout() {
-		$plan_id = filter_input( INPUT_POST, 'plan', FILTER_SANITIZE_STRING );
+		$plan_id = sanitize_text_field( $_POST['plan'] ?? '' );
 
 		if ( empty( $plan_id ) ) {
 			wp_send_json_error( __( 'Unknown plan', 'wp-user-manager' ) );
 		}
 
-		$nonce = filter_input( INPUT_POST, 'nonce', FILTER_SANITIZE_STRING );
+		$nonce = sanitize_text_field( $_POST['nonce'] ?? '' );
 
 		if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'wpum-stripe-plan-' . $plan_id ) ) {
 			wp_send_json_error( __( 'Unknown Error', 'wp-user-manager' ) );
@@ -339,7 +339,7 @@ public function get_redirect_after_account_payment( $plan_id, $form = false ) {
 	 * Render payment message
 	 */
 	public function render_payment_message() {
-		$payment = filter_input( INPUT_GET, 'payment', FILTER_SANITIZE_STRING );
+		$payment = sanitize_text_field( $_GET['payment'] ?? '' );
 		if ( 'success' !== $payment ) {
 			return;
 		}

includes/integrations/stripe/Connect.php

@@ -162,17 +162,17 @@ public function disconnect_url( $mode ) {
 	 * Complete connection
 	 */
 	public function complete() {
-		$page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING );
+		$page = sanitize_text_field( $_GET['page'] ?? '' );
 		if ( empty( $page ) || 'wpum-settings' !== $page ) {
 			return;
 		}
 
-		$action = filter_input( INPUT_GET, 'action', FILTER_SANITIZE_STRING );
+		$action = sanitize_text_field( $_GET['action'] ?? '' );
 		if ( empty( $action ) || 'stripe_connect' !== $action ) {
 			return;
 		}
 
-		$state = filter_input( INPUT_GET, 'state', FILTER_SANITIZE_STRING );
+		$state = sanitize_text_field( $_GET['state'] ?? '' );
 		if ( empty( $state ) ) {
 			return;
 		}

includes/integrations/stripe/Settings.php

@@ -356,18 +356,15 @@ public function stripe_connect_account_info_ajax_response() {
 			return wp_send_json_error( $unknown_error );
 		}
 
-		$nonce = filter_input( INPUT_POST, 'nonce', FILTER_SANITIZE_STRING );
+		$nonce = sanitize_text_field( $_POST['nonce'] ?? '' );
 
 		// Nonce validation, show error on fail.
 		if ( empty( $nonce ) || ! wp_verify_nonce( $nonce, 'wpum-stripe-connect-account-information' ) ) {
 			return wp_send_json_error( $unknown_error );
 		}
 
-		$account_id = filter_input( INPUT_POST, 'account_id', FILTER_SANITIZE_STRING );
-		$account_id = $account_id ? sanitize_text_field( $account_id ) : '';
-
-		$gateway_mode = filter_input( INPUT_POST, 'gateway_mode', FILTER_SANITIZE_STRING );
-		$mode         = $gateway_mode ? sanitize_text_field( $gateway_mode ) : 'test';
+		$account_id = sanitize_text_field( $_POST['account_id'] ?? '' );
+		$mode       = sanitize_text_field( $_POST['gateway_mode'] ?? 'test' );
 
 		// Provides general reconnect and disconnect action URLs.
 		$reconnect_disconnect_actions = sprintf( '<a href="%s">%s</a>', esc_url( $this->connect->disconnect_url( $mode ) ), __( 'Disconnect', 'wp-user-manager' ) );
@@ -540,7 +537,7 @@ public function stripe_connect_account_info_ajax_response() {
 	 * @return bool|void
 	 */
 	public function handle_stripe_connect_disconnect() {
-		$page = filter_input( INPUT_GET, 'page', FILTER_SANITIZE_STRING );
+		$page = sanitize_text_field( $_GET['page'] ?? '' );
 		if ( empty( $page ) ) {
 			return;
 		}
@@ -549,12 +546,12 @@ public function handle_stripe_connect_disconnect() {
 			return;
 		}
 
-		$disconnect = filter_input( INPUT_GET, 'disconnect', FILTER_SANITIZE_STRING );
+		$disconnect = sanitize_text_field( $_GET['disconnect'] ?? '' );
 		if ( empty( $disconnect ) ) {
 			return;
 		}
 
-		$mode = filter_input( INPUT_GET, 'mode', FILTER_SANITIZE_STRING );
+		$mode = sanitize_text_field( $_GET['mode'] ?? '' );
 		if ( empty( $mode ) ) {
 			return;
 		}
@@ -564,7 +561,7 @@ public function handle_stripe_connect_disconnect() {
 			return;
 		}
 
-		$nonce = filter_input( INPUT_GET, '_wpnonce', FILTER_SANITIZE_STRING );
+		$nonce = sanitize_text_field( $_GET['_wpnonce'] ?? '' );
 		if ( empty( $nonce ) ) {
 			return;
 		}

includes/roles/class-wpum-roles-editor.php

@@ -337,8 +337,8 @@ public function update_role() {
 			wp_die( esc_html__( 'Something went wrong: could not update the role details.', 'wp-user-manager' ), 403 );
 		}
 
-		$role_id   = filter_input( INPUT_POST, 'role_id', FILTER_SANITIZE_STRING );
-		$role_name = filter_input( INPUT_POST, 'role_name', FILTER_SANITIZE_STRING );
+		$role_id   = sanitize_text_field( $_POST['role_id'] ?? '' );
+		$role_name = sanitize_text_field( $_POST['role_name'] ?? '' );
 
 		if ( $role_id && $role_name ) {
 
@@ -362,9 +362,7 @@ public function update_role() {
 	public function delete_role() {
 		check_ajax_referer( 'wpum_delete_role', 'nonce' );
 
-		$role_id = filter_input( INPUT_POST, 'role_id', FILTER_SANITIZE_STRING );
-		$role_id = sanitize_text_field( $role_id );
-
+		$role_id = sanitize_text_field( $_POST['role_id'] ?? '' );
 		if ( ! current_user_can( 'manage_options' ) || ! current_user_can( 'delete_roles' ) || empty( $role_id ) ) {
 			wp_die( esc_html__( 'Something went wrong: could not delete the role.', 'wp-user-manager' ), 403 );
 		}
@@ -409,8 +407,7 @@ public function create_role() {
 			wp_die( esc_html__( 'Something went wrong: could not create new role.', 'wp-user-manager' ), 403 );
 		}
 
-		$role_name = filter_input( INPUT_POST, 'role_name', FILTER_SANITIZE_STRING );
-		$role_name = sanitize_text_field( $role_name );
+		$role_name = sanitize_text_field( $_POST['role_name'] ?? '' );
 
 		if ( $role_name ) {
 			$role_id = strtolower( sanitize_file_name( $role_name ) );
@@ -420,7 +417,7 @@ public function create_role() {
 				'label' => $role_name,
 			);
 
-			$orig_role_id = filter_input( INPUT_POST, 'orig_role_id', FILTER_SANITIZE_STRING );
+			$orig_role_id = sanitize_text_field( $_POST['orig_role_id'] ?? '' );
 
 			if ( $orig_role_id ) {
 				$orig_role = wpum_get_role( $orig_role_id );

includes/shortcodes/shortcodes.php

@@ -181,7 +181,7 @@ function wpum_registration_form( $atts, $content = null ) {
 		)
 	);
 
-	$registration = filter_input( INPUT_GET, 'registration', FILTER_SANITIZE_STRING );
+	$registration = sanitize_text_field( $_GET['registration'] ?? '' );
 	$is_success   = 'success' === $registration;
 
 	ob_start();
@@ -787,7 +787,7 @@ function wpum_directory( $atts, $content = null ) {
 		$offset = ( $paged - 1 ) * $profiles_per_page;
 	}
 
-	$sortby = filter_input( INPUT_GET, 'sortby', FILTER_SANITIZE_STRING );
+	$sortby = sanitize_text_field( $_GET['sortby'] ?? '' );
 	// Set sort by method if any specified from the search form.
 	if ( $sortby ) {
 		$sortby = esc_attr( $sortby );
@@ -981,7 +981,7 @@ function wpum_maybe_fix_carbon_fields_search_keys( $args ) {
 add_filter( 'wpum_directory_search_query_args', 'wpum_maybe_fix_carbon_fields_search_keys', 100 );
 
 add_filter( 'wpum_shortcode_logged_in_override', function ( $override ) {
-	$context = filter_input( INPUT_GET, 'context', FILTER_SANITIZE_STRING );
+	$context = sanitize_text_field( $_GET['context'] ?? '' );
 
 	if ( empty( $context ) ) {
 		return $override;

includes/updates/class-wpum-license.php

@@ -186,8 +186,7 @@ public function handle_activate_license() {
 				return;
 			}
 
-			$license = filter_input( INPUT_POST, '_' . $this->item_shortname . '_license_key', FILTER_SANITIZE_STRING );
-			$license = sanitize_text_field( $license );
+			$license = sanitize_text_field( $_POST[ $this->item_shortname . '_license_key' ] ?? '' );
 
 			if ( empty( $license ) ) {
 				return;

includes/updates/class-wpum-updater-settings.php

@@ -93,7 +93,7 @@ public function license_scripts() {
 	 * @return void
 	 */
 	public function notices() {
-		$license = filter_input( INPUT_GET, 'license', FILTER_SANITIZE_STRING );
+		$license = sanitize_text_field( $_GET['license'] ?? '' );
 		if ( is_admin() && current_user_can( 'manage_options' ) && 'deactivated' === $license ) {
 
 			?>

templates/forms/form-account.php

@@ -25,7 +25,7 @@
 	<h2><?php echo esc_html( $data->step_name ); ?></h2>
 
 	<?php
-	$updated = filter_input( INPUT_GET, 'updated', FILTER_SANITIZE_STRING );
+	$updated = sanitize_text_field( $_GET['updated'] ?? '' );
 	if ( 'success' === $updated ) :
 		WPUM()->templates
 			->set_template_data( array( 'message' => esc_html__( 'Profile successfully updated.', 'wp-user-manager' ) ) )
@@ -34,7 +34,7 @@
 	?>
 
 	<?php
-	$password_updated = filter_input( INPUT_GET, 'password-updated', FILTER_SANITIZE_STRING );
+	$password_updated = sanitize_text_field( $_GET['password-updated'] ?? '' );
 	if ( 'success' === $password_updated ) :
 		WPUM()->templates
 			->set_template_data( array( 'message' => esc_html__( 'Password successfully updated.', 'wp-user-manager' ) ) )