Changeset 3211282

Timestamp:

12/20/2024 10:00:10 PM (13 months ago)

Author:

arothman

Message:

Revised sanitize functions to allow &filter= shortcodes to decode properly.

File:

• pcrecruiter-extensions/trunk/PCRecruiter-Extensions.php (modified) (2 diffs)

pcrecruiter-extensions/trunk/PCRecruiter-Extensions.php

@@ -38 +38 @@
     $loadurl = $a['link'];
     $loadurl = sanitize_loadurl($loadurl);
+    $loadurl = htmlspecialchars_decode($loadurl, ENT_QUOTES); // Decode HTML entities, including &
+
     $initialheight = intval($a['initialheight']);
     $background = preg_match('/^#[a-fA-F0-9]{3,6}$|^transparent$/', $a['background']) ? $a['background'] : 'transparent';
@@ -76 +78 @@
     $iframe = $doc->createElement('iframe');
     $iframe->setAttribute('frameborder', '0');
-    $iframe->setAttribute('host', $loadurl);
+    $iframe->setAttribute('host', esc_url($loadurl));
     $iframe->setAttribute('id', 'pcrframe');
     $iframe->setAttribute('name', 'pcrframe');