Security fixes

lloc · lloc · commit 603ec7d33b00 · 2024-09-23T16:57:09.000+02:00
diff --git a/includes/MslsCustomColumn.php b/includes/MslsCustomColumn.php
@@ -94,7 +94,7 @@ public function td( $column_name, $item_id ): void {
 					printf(
 						'<span class="msls-icon-wrapper %1$s">%2$s</span>',
 						esc_attr( $this->options->get_icon_type() ),
-						$icon->get_a()
+						wp_kses_post( $icon->get_a() )
 					);
 
 					restore_current_blog();
diff --git a/includes/MslsPostTag.php b/includes/MslsPostTag.php
@@ -179,7 +179,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo
 					}
 				}
 
-				printf( wp_kses_post( $item_format ), esc_attr( $blog->userblog_id ), $icon, esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );
+				printf( wp_kses_post( $item_format ), esc_attr( $blog->userblog_id ), wp_kses_post( $icon ), esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );
 
 				restore_current_blog();
 			}
diff --git a/includes/MslsPostTagClassic.php b/includes/MslsPostTagClassic.php
@@ -126,7 +126,7 @@ public function print_option( MslsBlog $blog, string $type, MslsOptionsTax $myda
 			}
 		}
 
-		printf( wp_kses_post( $item_format ), esc_attr( $language ), $icon, $options );
+		printf( wp_kses_post( $item_format ), esc_attr( $language ), wp_kses_post( $icon ), wp_kses_post( $options ) );
 
 		restore_current_blog();
 	}

Original file line number	Diff line number	Diff line change
`@@ -179,7 +179,7 @@ public function the_input( ?\WP_Term $tag, string $title_format, string $item_fo`
`179`	`179`	`}`
`180`	`180`	`}`
`181`	`181`
`182`		`- printf( wp_kses_post( $item_format ), esc_attr( $blog->userblog_id ), $icon, esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );`
	`182`	`+ printf( wp_kses_post( $item_format ), esc_attr( $blog->userblog_id ), wp_kses_post( $icon ), esc_attr( $language ), esc_attr( $value ), esc_attr( $title ) );`
`183`	`183`
`184`	`184`	`restore_current_blog();`
`185`	`185`	`}`
Original file line number	Diff line number	Diff line change
`@@ -126,7 +126,7 @@ public function print_option( MslsBlog $blog, string $type, MslsOptionsTax $myda`
`126`	`126`	`}`
`127`	`127`	`}`
`128`	`128`
`129`		`- printf( wp_kses_post( $item_format ), esc_attr( $language ), $icon, $options );`
	`129`	`+ printf( wp_kses_post( $item_format ), esc_attr( $language ), wp_kses_post( $icon ), wp_kses_post( $options ) );`
`130`	`130`
`131`	`131`	`restore_current_blog();`
`132`	`132`	`}`