Changeset 3173165

Timestamp:

10/21/2024 08:26:01 PM (16 months ago)

Author:

ali7ali

Message:

Security enhancements and code refactoring

File:

• alpha-price-table-for-elementor/trunk/includes/class-alpha-price-table-widget.php (modified) (2 diffs)

alpha-price-table-for-elementor/trunk/includes/class-alpha-price-table-widget.php

@@ -797 +797 @@
         $migration_allowed = Icons_Manager::is_migration_allowed();
 
-        $allowed_tags = [
-            'h2' => [],
-            'h3' => [],
-            'h4' => [],
-            'h5' => [],
-            'h6' => [],
-        ];
+        // Define an allow-list for heading tags
+        $allowed_tags = ['h2', 'h3', 'h4', 'h5', 'h6'];
+
+        // Check if the provided tag is in the allow-list, default to 'h2' if not
+        $heading_tag = in_array($settings['heading_tag'], $allowed_tags) ? $settings['heading_tag'] : 'h2';
 ?>
 
@@ -810 +808 @@
                 <div class="elementor-price-table__header">
                     <?php if (! empty($settings['heading'])) : ?>
-                        <<?php echo wp_kses($settings['heading_tag'], $allowed_tags); ?> <?php echo wp_kses_post($this->get_render_attribute_string('heading')); ?>>
+                        <<?php echo esc_attr($heading_tag); ?> <?php echo wp_kses_post($this->get_render_attribute_string('heading')); ?>>
                             <?php echo wp_kses_post($settings['heading']); ?>
-                        </<?php echo wp_kses($settings['heading_tag'], $allowed_tags); ?>>
+                        </<?php echo esc_attr($heading_tag); ?>>
                     <?php endif; ?>