From 9565a8f574094d3fffd28a16f9f037d62ad5ed58 Mon Sep 17 00:00:00 2001
From: Dat Hoang
Date: Sat, 13 Jan 2024 23:18:54 +0700
Subject: [PATCH] Sanitize admin settings
---
 inc/class-wooviet-admin-page.php | 25 +++++++++++++++++++++++--
 readme.md | 4 ++++
 woo-viet.php | 4 ++--
 3 files changed, 29 insertions(+), 4 deletions(-)
diff --git a/inc/class-wooviet-admin-page.php b/inc/class-wooviet-admin-page.php
index 2281f3d..c1dc225 100644
--- a/inc/class-wooviet-admin-page.php
+++ b/inc/class-wooviet-admin-page.php
@@ -36,7 +36,7 @@ class WooViet_Admin_Page {
 */
 public function save_settings() {
 if ( wp_verify_nonce( $_REQUEST['wooviet_nonce'], 'wooviet_save_settings' ) ) {
- update_option( 'woo-viet', $_REQUEST['settings'] );
+ update_option( 'woo-viet', $this->sanitize_settings( $_REQUEST['settings'] ) );
 $this->message = '

' .
@@ -327,4 +327,25 @@ class WooViet_Admin_Page {
 $feature_options ) {
+ foreach ( $feature_options as $option => $value ) {
+ $sanitized_settings[ $feature ][ $option ] = esc_html( sanitize_text_field( $value ) );
+ }
+ }
+
+ return $sanitized_settings;
+ }
+}
diff --git a/readme.md b/readme.md
index 673702b..13f35a1 100644
--- a/readme.md
+++ b/readme.md
@@ -8,6 +8,10 @@ Xem phiên bản tiếng Việt tại đây https://vi.wordpress.org/plugins/woo
 ## Changelog
+### 1.5.3 - 2024.01.13
+
+* Update - Sanitize admin settings to avoid XSS. Thanks Dhabaleshwar Das.
+
 ### 1.5.2 - 2021.10.03
 * Update - tested with WP 5.8.1 and WC 5.7.1. #86
diff --git a/woo-viet.php b/woo-viet.php
index e500c12..52ae086 100644
--- a/woo-viet.php
+++ b/woo-viet.php
@@ -7,10 +7,10 @@
 * Author URI: https://profiles.wordpress.org/htdat
 * Text Domain: woo-viet
 * Domain Path: /languages
- * Version: 1.5.2
+ * Version: 1.5.3
 *
 * WC requires at least: 3.0
- * WC tested up to: 5.7.1
+ * WC tested up to: 8.4.0
 *
 * License: GPLv2+
 */
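Review bot: The `if` line in save_settings() reads `$_REQUEST['wooviet_nonce']` and `$_REQUEST['settings']` without checking that either key exists or that `settings` is an array, so a request missing a key raises a PHP 8 "Undefined array key" warning and a scalar `settings` value is handed to sanitize_settings(), which iterates it. A nonce is CSRF protection only, not authorization; unless save_settings() is reachable solely from a menu-page callback that already enforces the capability (the hunk does not show where it is called from), add `current_user_can( 'manage_options' )` to the condition. WordPress also adds slashes to the request superglobals, so the values should pass through `wp_unslash()` before they are sanitized and stored. The tightened pair of lines would be `if ( isset( $_REQUEST['wooviet_nonce'], $_REQUEST['settings'] ) && is_array( $_REQUEST['settings'] ) && current_user_can( 'manage_options' ) && wp_verify_nonce( sanitize_text_field( wp_unslash( $_REQUEST['wooviet_nonce'] ) ), 'wooviet_save_settings' ) ) {` followed by `update_option( 'woo-viet', $this->sanitize_settings( wp_unslash( $_REQUEST['settings'] ) ) );`. The remainder of save_settings() after the `$this->message = '` line is cut off in this diff, so the message construction is not reviewed here.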
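Review bot: `esc_html()` on the `$sanitized_settings[ $feature ][ $option ] = ...` line escapes at save time rather than at output, so the stored value no longer equals what the administrator entered: `A & B` is saved as `A &amp; B` and `O'Brien` as `O&#039;Brien`, which is wrong anywhere the option is later used outside an HTML context (a plain-text message, a URL, an API parameter, a strict comparison). The sanitize-on-input / escape-on-output split WordPress expects is `$sanitized_settings[ $feature ][ $option ] = sanitize_text_field( wp_unslash( $value ) );` here, with `esc_attr()`/`esc_html()` applied where the values are rendered so the XSS fix this commit makes is kept at the output site (that rendering code is not in this diff and should be checked before `esc_html()` is dropped). `sanitize_text_field()` also returns an empty string for an array value, so any feature option that is itself nested would be silently dropped; if such options exist, recurse on `is_array( $value )` instead of flattening. The start of sanitize_settings(), including its signature, the `$sanitized_settings` initialisation and the outer `foreach`, lies outside the visible part of the hunk, so whether an empty `$settings` returns `array()` or null cannot be checked here.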