From 235ce5716edc2f7cbe80fdccf26eac7269587839 Mon Sep 17 00:00:00 2001
From: Jake Vanderwerf <get@jakevanderwerf.ca>
Date: Mon, 08 Jun 2026 04:38:18 +0000
Subject: [PATCH] =FavouritesManager.php and FavouritesRoutes.php fixes. Moving all logic to FavouritesManager.php. Still some left to do

---
 inc/meta/Sanitizer.php |   34 +++++++++++++++++++++++++---------
 1 files changed, 25 insertions(+), 9 deletions(-)

diff --git a/inc/meta/Sanitizer.php b/inc/meta/Sanitizer.php
index e6cad1c..218a1ac 100644
--- a/inc/meta/Sanitizer.php
+++ b/inc/meta/Sanitizer.php
@@ -14,7 +14,6 @@
 	public static function sanitize(mixed $value, array $field_config): mixed
 	{
 		$callback = static::getCallback($field_config);
-
 		if (is_array($callback)) {
 			return call_user_func([static::class, $callback[1]], $value, $field_config);
 		}
@@ -31,11 +30,9 @@
            MetaTypeManager::getSanitizeCallback($field_config['type']);
     }
 
-    protected static function sanitizeTaxonomy(array|string $values, array $field_config):string
+    protected static function sanitizeTaxonomy(string $values, array $field_config):string
     {
-        if (!is_array($values)) {
-            $values = explode(',', $values);
-        }
+		$values = array_map('absint', explode(',', $values));
 
         // Ensure taxonomy starts with BASE
         $taxonomy = (str_starts_with($field_config['taxonomy'], BASE))
@@ -47,17 +44,21 @@
         return implode(',', $values);
     }
 
-    protected static function sanitizeUser(array|string $values, array $field_config):string
+    protected static function sanitizeUser(string $values, array $field_config):string
     {
-        if (!is_array($values)) {
-            $values = explode(',', $values);
-        }
+		$values = array_map('absint', explode(',', $values));
 
         $values = array_filter($values, fn($value) => (bool)get_userdata((int)$value));
 
         return implode(',', $values);
     }
 
+	protected static function sanitizePost(string $values, array $config):string
+	{
+		$values = array_map('absint', explode(',', $values));
+		return implode(',', array_filter($values, fn($value) => (bool)get_post((int)$value)));
+	}
+
 	protected static function sanitizeTagList(array $values, array $field_config): array
 	{
 		if (empty(array_filter($values, fn($value) => !empty($value)))) {
@@ -171,6 +172,21 @@
 		return $sanitized;
 	}
 
+	protected static function sanitizeSelector(string|array $value, array $config):string
+	{
+		if (is_array($value)) {
+			$value = implode(',', $value);
+		}
+		if (array_key_exists('subtype', $config)) {
+			return match ($config['subtype']) {
+				'user' => self::sanitizeUser($value, $config),
+				'taxonomy'=> self::sanitizeTaxonomy($value, $config),
+				'post'	=> self::sanitizePost($value, $config),
+			};
+		}
+		return implode(',',array_map('absint', explode(',',$value)));
+	}
+
     protected static function sanitizeUpload(array|string $value):string
     {
         if (empty($value)) {

--
Gitblit v1.10.0