Encode HTML entities in product attributes

Jonathan Sadowski 2020-06-11 14:10:05 -05:00
parent 296112cbea
commit 4d6aad4ecb
1 changed files with 2 additions and 2 deletions


@ -244,7 +244,7 @@ class WC_Meta_Box_Product_Data {
continue;
}
$attribute_id = 0;
$attribute_name = wc_clean( $attribute_names[ $i ] );
$attribute_name = wc_clean( esc_html( $attribute_names[ $i ] ) );
if ( 'pa_' === substr( $attribute_name, 0, 3 ) ) {
$attribute_id = wc_attribute_taxonomy_id_by_name( $attribute_name );
@ -257,7 +257,7 @@ class WC_Meta_Box_Product_Data {
$options = wp_parse_id_list( $options );
} else {
// Terms or text sent in textarea.
$options = 0 < $attribute_id ? wc_sanitize_textarea( wc_sanitize_term_text_based( $options ) ) : wc_sanitize_textarea( $options );
$options = 0 < $attribute_id ? wc_sanitize_textarea( esc_html( wc_sanitize_term_text_based( $options ) ) ) : wc_sanitize_textarea( esc_html( $options ) );
$options = wc_get_text_attributes( $options );
}
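Review bot: On the two lines that add `esc_html()`, the encoding runs before `wc_clean()` in the attribute-name assignment and before `wc_sanitize_textarea()` in the non-taxonomy branch of the `$options` ternary, so markup in the submitted value is no longer stripped by those sanitizers but stored as entity-encoded text. Any later consumer that decodes entities, or that emits the value outside an HTML context (an export or API response, for example), would then see the original markup or literal `&lt;`/`&amp;` sequences; whether such consumers exist depends on code not visible here. If encoding at save time is intended, strip first and encode last, as in `$attribute_name = esc_html( wc_clean( $attribute_names[ $i ] ) );` and `esc_html( wc_sanitize_textarea( $options ) )`, and keep escaping at the point of output as the actual XSS control. The enclosing method of `WC_Meta_Box_Product_Data` starts and ends outside both hunks.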