use wp_kses to sanitize but allow links

paul sealock 2023-12-08 09:53:46 +13:00
parent d0d49b49f5
commit 812271fd85
1 changed files with 8 additions and 2 deletions


@ -201,8 +201,14 @@ if ( ! defined( 'ABSPATH' ) ) {
if ( ! $method->supports( 'shipping-zones' ) ) {
continue;
}
$description = wp_kses_post( $method->get_method_description() );
echo '<div class="wc-shipping-zone-method-input"><input type="radio" value="' . esc_attr( $method->id ) . '" id="' . esc_attr( $method->id ) . '" name="add_method_id"/><label for="' . esc_attr( $method->id ) . '">' . esc_html( $method->get_method_title() ) . '<span class="dashicons dashicons-yes"></span></label><div class="wc-shipping-zone-method-input-help-text"><span>' . esc_html( $description ) . '</span></div></div>';
$allowed_html = array(
'a' => array(
'href' => true,
'title' => true
)
);
$description = wp_kses( $method->get_method_description(), $allowed_html );
echo '<div class="wc-shipping-zone-method-input"><input type="radio" value="' . esc_attr( $method->id ) . '" id="' . esc_attr( $method->id ) . '" name="add_method_id"/><label for="' . esc_attr( $method->id ) . '">' . esc_html( $method->get_method_title() ) . '<span class="dashicons dashicons-yes"></span></label><div class="wc-shipping-zone-method-input-help-text"><span>' . $description . '</span></div></div>';
}
?>
</fieldset>
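Review bot: The new `echo` concatenates `$description` with no escaping call at the point of output, so the markup's safety depends on the `wp_kses()` assignment one statement earlier staying in place and `$description` never being reassigned in between. WordPress's escape-late convention puts the filter in the output expression itself, e.g. `'<span>' . wp_kses( $method->get_method_description(), $allowed_html ) . '</span>'`, which also keeps output-escaping sniffs from flagging the bare variable. The allowlist itself looks sound for this purpose: only `a` with `href` and `title` is permitted, and `wp_kses()` applies its default protocol allowlist to `href`. Separately, `$allowed_html` is rebuilt on every iteration; it could be defined once before the loop, whose header is outside this hunk, and the array's last element should carry a trailing comma (`'title' => true,`).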