On line 672 in buddytask.php the code
$task_description = isset($_REQUEST['task_description']) ? wp_unslash(sanitize_text_field($_REQUEST['task_description'])) : null;
should be
$task_description = isset($_REQUEST['task_description']) ? wp_unslash($_REQUEST['task_description']) : null;
The sanitize_text_field function removes all HTML tags added by the TinyMCE editor. I believe the WordPress insert and update database functions already include protection against SQL injection, so the sanitize_text_field is not required and causes problems.
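An added example, not part of the original issue or of BuddyTask's own code: the database layer's placeholders cover SQL injection only, so rich text from the editor can be passed through `wp_kses_post()` instead of `sanitize_text_field()` to keep formatting tags while dropping script-capable markup before it is stored. It assumes a WordPress plugin context; the `buddytask_example_*` function names and the table and column names are hypothetical.

```php
<?php
// Added example; assumes it runs inside WordPress, where wp_unslash(),
// wp_kses_post(), absint() and $wpdb are core APIs.
// The buddytask_example_* names and the table/column names are hypothetical.

/**
 * Read the rich-text task description from the request.
 *
 * sanitize_text_field() strips every tag, which destroys TinyMCE formatting.
 * wp_kses_post() keeps the tags WordPress allows in post content and removes
 * the rest (for example <script> elements and on* event-handler attributes).
 */
function buddytask_example_get_task_description() {
    // Reject a missing value or an array such as task_description[]=x.
    if ( ! isset( $_REQUEST['task_description'] ) || ! is_string( $_REQUEST['task_description'] ) ) {
        return null;
    }

    // Remove the slashes WordPress adds to request data first, then filter the HTML.
    $raw = wp_unslash( $_REQUEST['task_description'] );

    return wp_kses_post( $raw );
}

/**
 * Store the filtered description. The format arrays make $wpdb prepare the
 * values, which handles SQL injection; the HTML filtering above is a
 * separate concern that the database layer does not cover.
 */
function buddytask_example_save_description( $task_id ) {
    global $wpdb;

    $description = buddytask_example_get_task_description();
    if ( null === $description ) {
        return false;
    }

    return $wpdb->update(
        $wpdb->prefix . 'example_tasks',              // hypothetical table name
        array( 'task_description' => $description ),  // hypothetical column
        array( 'id' => absint( $task_id ) ),
        array( '%s' ),
        array( '%d' )
    );
}
```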