Correcting escaping of `$mapped->price`, using `wp_kses`.

And Finally 2021-10-14 10:56:22 +01:00
parent 22b67783d0
commit 124dc35e42
1 changed files with 13 additions and 2 deletions


@ -183,7 +183,6 @@ class WC_Admin_Addons {
* Handles the outputting of a contextually aware Storefront link (points to child themes if Storefront is already active).
*
* @deprecated 5.9.0 No longer used in In-App Marketplace
*
*/
public static function output_storefront_button() {
$template = get_option( 'template' );
@ -1199,7 +1198,19 @@ class WC_Admin_Addons {
<?php if ( $mapped->is_free ) : ?>
<span class="price"><?php esc_html_e( 'Free', 'woocommerce' ); ?></span>
<?php else : ?>
<span class="price"><?php echo esc_html( $mapped->price ); ?></span>
<span class="price">
<?php
echo wp_kses(
$mapped->price,
array(
'span' => array(
'class' => array(),
),
'bdi' => array(),
)
);
?>
</span>
<span class="price-suffix"><?php esc_html_e( 'per year', 'woocommerce' ); ?></span>
<?php endif; ?>
</div>
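Review bot: The inline allowlist passed to `wp_kses()` for `$mapped->price` has no comment saying why markup is let through here, while the neighbouring strings are fully escaped. A later cleanup could therefore revert it to `esc_html()` or widen it without noticing the trade-off. I would add a line above the call such as `// Price is pre-formatted HTML (span/bdi wrappers); allow only those tags and the class attribute, strip everything else.` That the price arrives as formatted markup is inferred from the commit title, not shown in the hunk, so confirm where the value comes from and whether it can be influenced outside this site. Note also that `'class' => array()` accepts any class value, so the rendered price can pick up any existing admin style. If the same allowlist is needed for other price output, one shared definition would keep the sanitisation consistent. The surrounding template block starts and ends outside this hunk.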