Skip to content

Commit

Permalink
Security fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@lloc
lloc committed Sep 23, 2024
1 parent 45bf407 commit 6613f79
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions includes/MslsPostTag.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo

$this->maybe_set_linked_term( $mydata );

printf( $title_format, esc_html( $this->get_select_title() ), esc_attr( $type ) );
printf( wp_kses_post( $title_format ), esc_html( $this->get_select_title() ), esc_attr( $type ) );

foreach ( $blogs as $blog ) {
switch_to_blog( $blog->userblog_id );
Expand All @@ -179,7 +179,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo
}
}

printf( $item_format, esc_attr( $blog->userblog_id ), $icon, esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );
printf( wp_kses_post( $item_format ), esc_attr( $blog->userblog_id ), $icon, esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );

Check failure on line 182 in includes/MslsPostTag.php

View workflow job for this annotation

GitHub Actions / test

WordPress.Security.EscapeOutput.OutputNotEscaped 

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$icon'.

restore_current_blog();
}
Expand Down

0 comments on commit 6613f79

Please sign in to comment.