From 4f206f0d2ddacba3ebcbb0368da96ec09023f9ac Mon Sep 17 00:00:00 2001
From: Dennis Ploetner
Date: Mon, 23 Sep 2024 16:11:07 +0200
Subject: [PATCH] Security fixes
---
 includes/MslsPostTagClassic.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/includes/MslsPostTagClassic.php b/includes/MslsPostTagClassic.php
index 6ea7493d..9c7e7523 100644
--- a/includes/MslsPostTagClassic.php
+++ b/includes/MslsPostTagClassic.php
@@ -77,7 +77,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo
 $this->maybe_set_linked_term( $mydata );
- printf( $title_format, $this->get_select_title() );
+ printf( wp_kses_post( $title_format ), esc_html( $this->get_select_title() ) );
 foreach ( $blogs as $blog ) {
 $this->print_option( $blog, $type, $mydata, $item_format );
@@ -119,14 +119,14 @@ public function print_option( MslsBlog $blog, string $type, MslsOptionsTax $myda
 foreach ( $terms as $term ) {
 $options .= sprintf(
 '',
- $term->term_id,
+ esc_attr( $term->term_id ),
 selected( $term->term_id, $mydata->$language, false ),
- $term->name
+ esc_html( $term->name )
 );
 }
 }
- printf( $item_format, $language, $icon, $options );
+ printf( wp_kses_post( $item_format ), esc_attr( $language ), $icon, $options );
 restore_current_blog();
 }
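Review bot: In the_input(), `wp_kses_post( $title_format )` filters the printf template itself against the `post` allow-list, and the print_option() hunk does the same with `wp_kses_post( $item_format )`. That allow-list has no `<select>`, `<option>` or `<input>`, so any form-control wrapper a caller puts in the template would be silently stripped before `$options` is substituted in. The callers that build both format strings are outside this diff, so what they contain is unconfirmed. If they carry form markup, an explicit allow-list is safer, e.g. `wp_kses( $item_format, $allowed_html )` with exactly the tags and attributes the templates use. The body of the_input() starts and ends outside the hunk, and its docblock should state that both format parameters are kses-filtered templates, not raw HTML.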
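Review bot: In the final `printf` of print_option(), `$icon` is still emitted without escaping while `$language` next to it now goes through `esc_attr()`. The code that builds `$icon` is above the hunk, so it is unclear from here whether it is already safe markup. If it is HTML assembled from blog or option data, filter it at the call, e.g. `wp_kses_post( $icon )`, or escape it where it is built. If it is intentionally trusted, record that on the line, e.g. `// $icon and $options are pre-escaped HTML fragments`, so the next audit does not have to re-derive it.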