From 4f4a3460a307de1f2e0938028e911bc72e22b32f Mon Sep 17 00:00:00 2001
From: Grzegorz Rola
Date: Mon, 6 Nov 2017 18:50:26 +0100
Subject: [PATCH] Security fix
---
 includes/admin/class-wc-admin-log-table-list.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/includes/admin/class-wc-admin-log-table-list.php b/includes/admin/class-wc-admin-log-table-list.php
index 43624ec0581..9e5da83b96d 100644
--- a/includes/admin/class-wc-admin-log-table-list.php
+++ b/includes/admin/class-wc-admin-log-table-list.php
@@ -336,7 +336,8 @@ class WC_Admin_Log_Table_List extends WP_List_Table {
 }
 if ( ! empty( $_REQUEST['s'] ) ) {
 $where_conditions[] = 'message like %s';
- $where_values[] = '%' . wc_clean( $_REQUEST['s'] ) . '%';
+ $s = wp_unslash( trim( $_REQUEST[ 's' ] ) );
+ $where_values[] = $wpdb->esc_like( $s );
 }
 if ( ! empty( $where_conditions ) ) {
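Review bot: The added `$where_values[] = $wpdb->esc_like( $s );` drops the leading and trailing `%` that the removed line had, so `message like %s` now matches only messages equal to the search term rather than messages containing it. The new lines also drop `wc_clean()`; keeping the LIKE escaping while restoring both would be `$where_values[] = '%' . $wpdb->esc_like( wc_clean( wp_unslash( $_REQUEST['s'] ) ) ) . '%';`. Separately, `trim()` is applied to `$_REQUEST[ 's' ]` without checking that it is a string, so the guard could become `if ( ! empty( $_REQUEST['s'] ) && is_string( $_REQUEST['s'] ) ) {`. The enclosing method starts and ends outside the hunk, so whether `$wpdb` is in scope here and whether `$where_values` later goes through `$wpdb->prepare()` cannot be confirmed from these lines.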