Merge pull request #244 from lloc/dev

FILTER_SANITIZE_FULL_SPECIAL_CHARS instead of FILTER_SANITIZE_STRING

Author: lloc

includes/ContentImport/Importers/WithRequestPostAttributes.php

@@ -32,6 +32,6 @@ protected function read_post_type_from_request( $default = 'post' ) {
 			return $default;
 		}
 
-		return filter_var( $_REQUEST['post_type'], FILTER_SANITIZE_STRING ) ?: 'post';
+		return filter_var( $_REQUEST['post_type'], FILTER_SANITIZE_FULL_SPECIAL_CHARS ) ?: 'post';
 	}
 }

includes/MslsMetaBox.php

@@ -361,11 +361,8 @@ public function set( $post_id ) {
 			return;
 		}
 
-		$capability = (
-		'page' == filter_input( INPUT_POST, 'post_type', FILTER_SANITIZE_STRING ) ?
-			'edit_page' :
-			'edit_post'
-		);
+		$post_type  = filter_input( INPUT_POST, 'post_type', FILTER_SANITIZE_FULL_SPECIAL_CHARS );
+		$capability = 'page' === $post_type ? 'edit_page' : 'edit_post';
 
 		if ( ! current_user_can( $capability, $post_id ) ) {
 			return;