Skip to content

Commit

Permalink
Security fixes
Browse files Browse the repository at this point in the history
  • Loading branch information
@lloc
lloc committed Sep 23, 2024
1 parent 305c994 commit 4f206f0
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions includes/MslsPostTagClassic.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo

$this->maybe_set_linked_term( $mydata );

printf( $title_format, $this->get_select_title() );
printf( wp_kses_post( $title_format ), esc_html( $this->get_select_title() ) );

foreach ( $blogs as $blog ) {
$this->print_option( $blog, $type, $mydata, $item_format );
Expand Down Expand Up @@ -119,14 +119,14 @@ public function print_option( MslsBlog $blog, string $type, MslsOptionsTax $myda
foreach ( $terms as $term ) {
$options .= sprintf(
'<option value="%s" %s>%s</option>',
$term->term_id,
esc_attr( $term->term_id ),
selected( $term->term_id, $mydata->$language, false ),
$term->name
esc_html( $term->name )
);
}
}

printf( $item_format, $language, $icon, $options );
printf( wp_kses_post( $item_format ), esc_attr( $language ), $icon, $options );

Check failure on line 129 in includes/MslsPostTagClassic.php

View workflow job for this annotation

GitHub Actions / test

WordPress.Security.EscapeOutput.OutputNotEscaped 

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$icon'.

Check failure on line 129 in includes/MslsPostTagClassic.php

View workflow job for this annotation

GitHub Actions / test

WordPress.Security.EscapeOutput.OutputNotEscaped 

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$options'.

restore_current_blog();
}
Expand Down

0 comments on commit 4f206f0

Please sign in to comment.