From 1bf47c2a81a3e4705a29398612ba0370af78e24a Mon Sep 17 00:00:00 2001
From: Mike Jolley
Date: Fri, 8 Dec 2017 11:47:27 +0000
Subject: [PATCH] API: Use KSES for purchase_note like admin
---
 includes/api/class-wc-rest-products-controller.php | 2 +-
 includes/api/v1/class-wc-rest-products-controller.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/includes/api/class-wc-rest-products-controller.php b/includes/api/class-wc-rest-products-controller.php
index 4e601c4af49..8e35789c8b2 100644
--- a/includes/api/class-wc-rest-products-controller.php
+++ b/includes/api/class-wc-rest-products-controller.php
@@ -745,7 +745,7 @@ class WC_REST_Products_Controller extends WC_REST_Legacy_Products_Controller {
 // Purchase Note.
 if ( isset( $request['purchase_note'] ) ) {
- $product->set_purchase_note( wc_clean( $request['purchase_note'] ) );
+ $product->set_purchase_note( wp_kses_post( wp_unslash( $request['purchase_note'] ) ) );
 }
 // Featured Product.
diff --git a/includes/api/v1/class-wc-rest-products-controller.php b/includes/api/v1/class-wc-rest-products-controller.php
index 26b0785e964..66119593253 100644
--- a/includes/api/v1/class-wc-rest-products-controller.php
+++ b/includes/api/v1/class-wc-rest-products-controller.php
@@ -1097,7 +1097,7 @@ class WC_REST_Products_V1_Controller extends WC_REST_Posts_Controller {
 // Purchase Note.
 if ( isset( $request['purchase_note'] ) ) {
- $product->set_purchase_note( wc_clean( $request['purchase_note'] ) );
+ $product->set_purchase_note( wp_kses_post( wp_unslash( $request['purchase_note'] ) ) );
 }
 // Featured Product.
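Review bot: The `wp_unslash()` call on the new `set_purchase_note` line looks copied from the admin save path, where `$_POST` arrives slashed; values read from a REST request object are normally already unslashed (and JSON bodies are never slashed), so here it would silently strip legitimate backslashes from the note. The same line appears in the v1 controller hunk (`includes/api/v1/class-wc-rest-products-controller.php`). I would drop it in both places: `$product->set_purchase_note( wp_kses_post( $request['purchase_note'] ) );`. Because the field now stores post-level HTML instead of plain text, a test that round-trips a note containing an allowed tag, a `<script>` element and a backslash through both API versions would pin the intended filtering. The enclosing method starts and ends outside both hunks, so the schema type for `purchase_note` could not be checked from here.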