Whitelist a line in WC Beta Tester from QIT security tests (#49965)

* Whitelist succeeding line from QIT's security scanner

* Add changelog
rodelgc 2024-07-27 03:31:51 +08:00 committed by GitHub
parent 236cd442d6
commit 8be71d467d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 6 additions and 1 deletions


@ -0,0 +1,4 @@
Significance: patch
Type: dev
Whitelist line with maybe_unserialize() function call from QIT security tests.


@ -78,7 +78,7 @@ class WC_Beta_Tester_Import_Export {
// show error/update messages. // show error/update messages.
if ( ! empty( $this->message ) ) { if ( ! empty( $this->message ) ) {
?> ?>
<div class="notice <div class="notice
<?php <?php
echo ! empty( $this->message['type'] ) ? esc_attr( $this->message['type'] ) : ''; echo ! empty( $this->message['type'] ) ? esc_attr( $this->message['type'] ) : '';
?> ?>
@ -172,6 +172,7 @@ class WC_Beta_Tester_Import_Export {
if ( ! isset( $settings[ $option_name ] ) ) { if ( ! isset( $settings[ $option_name ] ) ) {
continue; continue;
} }
// nosemgrep scanner.php.wp.security.object-injection, audit.php.wp.security.object-injection
$setting = maybe_unserialize( $settings[ $option_name ] ); $setting = maybe_unserialize( $settings[ $option_name ] );
if ( is_null( $setting ) ) { if ( is_null( $setting ) ) {
delete_option( $option_name ); delete_option( $option_name );
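Review bot: The `// nosemgrep` line added above `$setting = maybe_unserialize( $settings[ $option_name ] );` silences both object-injection rules without recording why the call is safe, and the deserialization itself is unchanged. If `$settings` is decoded from an imported file, as the class name `WC_Beta_Tester_Import_Export` suggests, serialized objects in that file are still instantiated at this line. The suppression comment should state the trust boundary it relies on (who may run the import, and which capability and nonce checks guard it). Alternatively the value can be decoded with object support turned off: `$raw = $settings[ $option_name ];` followed by `$setting = is_serialized( $raw ) ? unserialize( trim( $raw ), array( 'allowed_classes' => false ) ) : $raw;`. The enclosing loop and method begin and end outside this hunk, so the origin of `$settings` and any existing permission checks cannot be confirmed from the visible lines.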