Changeset 2492534

Timestamp:

03/10/2021 06:45:30 PM (5 years ago)

Author:

akirak

Message:

use wp_kses for sanitizing

File:

• custom-global-variables/trunk/custom-global-variables.php (modified) (3 diffs)

custom-global-variables/trunk/custom-global-variables.php

@@ -95 +95 @@
             foreach ( $_POST['vars'] as $var ) {
                 $var['name'] = sanitize_textarea_field($var['name']);
+                $var['val'] = wp_kses_post($var['val']);
+
 
                 if ( ! empty( $var['name'] ) && !empty( $var['val'] ) ) {
@@ -155 +157 @@
                                     <?php
                                     $key = esc_html($key);
+                                    $val = wp_kses_post($val);
                                     ?>
 
@@ -220 +223 @@
         $param0 = sanitize_text_field($params[0]);
         if ( ! empty( $GLOBALS['cgv'][ $param0 ])  ) {
-            return $GLOBALS['cgv'][ $param0 ];
+            return wp_kses_post($GLOBALS['cgv'][ $param0 ]);
         }