
Commit 610a8a3

committed
fix: sanitize and normalize legacy enable_maxmind flag in provider resolver
Both settings that drive resolve_geolocation_provider() are now sanitized via sanitize_text_field(). The legacy enable_maxmind tri-state is normalized to deterministic tokens ('on'|'no'|'disable') before use in cache keys and comparisons, ensuring consistent behavior regardless of stored value format.
1 parent 422ac6a commit 610a8a3


1 file changed

+23
-15
lines changed


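--- a/wp-slimstat.php
+++ b/wp-slimstat.php
@@ -422,35 +422,43 @@ public static function resolve_geolocation_provider()
 {
 static $cache = [];
 
-// Key by the two settings values that drive resolution so the cache
-// invalidates automatically when settings change mid-request (e.g.
-// after a settings save updates self::$settings).
-$provider_raw = self::$settings['geolocation_provider'] ?? '';
-$legacy_raw = self::$settings['enable_maxmind'] ?? 'disable';
-$cache_key = sanitize_text_field($provider_raw) . '|' . $legacy_raw;
+// Sanitize both settings that drive resolution
+$provider_san = sanitize_text_field(self::$settings['geolocation_provider'] ?? '');
+
+// Normalize legacy tri-state ('on'|'no'|'disable') to deterministic token
+$legacy_san = sanitize_text_field(self::$settings['enable_maxmind'] ?? '');
+if ('on' === $legacy_san) {
+$legacy_norm = 'on';
+} elseif ('no' === $legacy_san) {
+$legacy_norm = 'no';
+} else {
+$legacy_norm = 'disable';
+}
+
+// Cache key invalidates when settings change mid-request (e.g. settings save)
+$cache_key = $provider_san . '|' . $legacy_norm;
 
 if (array_key_exists($cache_key, $cache)) {
 return $cache[$cache_key];
 }
 
 $result = false;
 
-if (isset(self::$settings['geolocation_provider'])) {
-$p = sanitize_text_field(self::$settings['geolocation_provider']);
-if ('disable' === $p) {
+if ('' !== $provider_san) {
+if ('disable' === $provider_san) {
 $cache[$cache_key] = false;
 return false;
 }
-if (in_array($p, \SlimStat\Services\GeoService::ALL_PROVIDERS, true)) {
-$cache[$cache_key] = $p;
-return $p;
+if (in_array($provider_san, \SlimStat\Services\GeoService::ALL_PROVIDERS, true)) {
+$cache[$cache_key] = $provider_san;
+return $provider_san;
 }
-// Invalid/empty value — fall through to legacy flag
+// Invalid value — fall through to legacy flag
 }
 
-if ('on' === $legacy_raw) {
+if ('on' === $legacy_norm) {
 $result = 'maxmind';
-} elseif ('no' === $legacy_raw) {
+} elseif ('no' === $legacy_norm) {
 $result = 'dbip';
 }
 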
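Review bot: Passing `enable_maxmind` through `sanitize_text_field()` before the strict comparisons widens what is accepted as `'on'` or `'no'`: that function trims whitespace and strips tags and line breaks, so a malformed stored value such as `" on\n"` now selects a provider where the old raw comparison fell through to `false`. If that widening is not intended, compare the raw value against an allow-list instead, e.g. `$legacy_raw = self::$settings['enable_maxmind'] ?? 'disable';` followed by `$legacy_norm = in_array($legacy_raw, ['on', 'no'], true) ? $legacy_raw : 'disable';`. Either way the comment above the block should say that the fixed-token comparison, not the sanitizer, is what constrains the value used in the cache key and in the provider choice. The function body continues past the end of this hunk, so the final caching and return of `$result` are not visible here.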