From 95ea54e75da51c40ed989c5ac23f938b07319308 Mon Sep 17 00:00:00 2001
From: Matthew Reishus
Date: Wed, 22 Sep 2021 14:04:59 -0500
Subject: [PATCH] [not verified] Modify WPCOM specific check to pass WPCOM linting
---
 .../modules/widget-visibility/widget-conditions.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/projects/plugins/jetpack/modules/widget-visibility/widget-conditions.php b/projects/plugins/jetpack/modules/widget-visibility/widget-conditions.php
index e9f1b7bcf205e..669fedf5601b5 100644
--- a/projects/plugins/jetpack/modules/widget-visibility/widget-conditions.php
+++ b/projects/plugins/jetpack/modules/widget-visibility/widget-conditions.php
@@ -765,8 +765,11 @@ public static function filter_widget( $instance ) {
 return $instance;
 }
 // WordPress.com specific check - here, referer ends in /rest-proxy/ and doesn't tell us what's requesting.
- if ( true === isset( $_REQUEST['_gutenberg_nonce'] ) && wp_verify_nonce( $_REQUEST['_gutenberg_nonce'], 'gutenberg_request' ) &&
- 1 === preg_match( '~^/wp/v2/sites/\d+/(sidebars|widgets)~', $_SERVER['REQUEST_URI'] ) && 'edit' === $_REQUEST['context'] ) {
+ $current_url = ! empty( $_SERVER['REQUEST_URI'] ) ? esc_url_raw( wp_unslash( $_SERVER['REQUEST_URI'] ) ) : '';
+ $nonce = ! empty( $_REQUEST['_gutenberg_nonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['_gutenberg_nonce'] ) ) : '';
+ $context = ! empty( $_REQUEST['context'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['context'] ) ) : '';
+ if ( wp_verify_nonce( $nonce, 'gutenberg_request' ) &&
+ 1 === preg_match( '~^/wp/v2/sites/\d+/(sidebars|widgets)~', $current_url ) && 'edit' === $context ) {
 return $instance;
 }
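Review bot: The route check in the new `if` now runs `preg_match()` on the output of `esc_url_raw()`, so the string being matched is a rewritten copy of `REQUEST_URI` rather than the value the server received. `esc_url_raw()` silently drops characters outside its allowed set, which means a URI that does not begin with the `/wp/v2/sites/<id>/(sidebars|widgets)` prefix as sent could begin with it after sanitising. Since the value is only compared against a fixed pattern and never stored or echoed, matching the unslashed value would be tighter and still lint-clean: `$current_url = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : ''; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- only matched against a fixed pattern.` The nonce check still gates this branch, so the practical exposure looks small. `filter_widget()` starts above the hunk and continues below it, so whether a capability check also guards this early return is not visible here.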