From 6613f79e3a1070e1a3a204a85845bbf54b9a7714 Mon Sep 17 00:00:00 2001
From: Dennis Ploetner <re@lloc.de>
Date: Mon, 23 Sep 2024 16:16:12 +0200
Subject: [PATCH] Security fixes

---
 includes/MslsPostTag.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/MslsPostTag.php b/includes/MslsPostTag.php
index 128059e4..c41e610e 100644
--- a/includes/MslsPostTag.php
+++ b/includes/MslsPostTag.php
@@ -160,7 +160,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo
 
 			$this->maybe_set_linked_term( $mydata );
 
-			printf( $title_format, esc_html( $this->get_select_title() ), esc_attr( $type ) );
+			printf( wp_kses_post( $title_format ), esc_html( $this->get_select_title() ), esc_attr( $type ) );
 
 			foreach ( $blogs as $blog ) {
 				switch_to_blog( $blog->userblog_id );
@@ -179,7 +179,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo
 					}
 				}
 
-				printf( $item_format, esc_attr( $blog->userblog_id ), $icon, esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );
+				printf( wp_kses_post( $item_format ), esc_attr( $blog->userblog_id ), $icon, esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );
 
 				restore_current_blog();
 			}