WPCIVIUX-162 Sanitize CloudFlare Turnstile settings fields

agileware · Nov 4, 2024 · 3e49ee9 · 3e49ee9
1 parent a4d08b2
commit 3e49ee9
Showing 1 changed file with 16 additions and 1 deletion.
diff --git a/admin/class-civicrm-ux-admin.php b/admin/class-civicrm-ux-admin.php
@@ -170,7 +170,22 @@ public function register_settings() {
 		);
 
 		// WPCIVIUX-167 settings
-		register_setting( 'civicrm-ux-settings-group', 'civicrm_ux_cf_turnstile' );
+		register_setting( 'civicrm-ux-settings-group', 'civicrm_ux_cf_turnstile', 
+			array(
+				'type' => 'array',
+				'sanitize_callback' => function($input) {
+					// Custom sanitize callback to ensure whitespace is trimmed
+					$sanitized = [];
+					foreach ($input as $field => $value) {
+						if ( $field === 'sitekey' || $field === 'secret_key' ) {
+							$sanitized[$field] = sanitize_text_field($value);
+						}
+					}
+
+					return $sanitized;
+				},
+			)
+		);
 	}
 
 	/**