From 96fe4aae0b28f5fbe602a88eb18337a0b33d7079 Mon Sep 17 00:00:00 2001
From: Scott Basgaard
Date: Mon, 18 Nov 2013 16:32:47 +0100
Subject: [PATCH] Use wp_unslash() when displaying search string on orders.
---
 includes/admin/post-types/class-wc-admin-cpt-shop_order.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/includes/admin/post-types/class-wc-admin-cpt-shop_order.php b/includes/admin/post-types/class-wc-admin-cpt-shop_order.php
index 1547f520072..a3f37d3ba6f 100644
--- a/includes/admin/post-types/class-wc-admin-cpt-shop_order.php
+++ b/includes/admin/post-types/class-wc-admin-cpt-shop_order.php
@@ -591,7 +591,7 @@ class WC_Admin_CPT_Shop_Order extends WC_Admin_CPT {
 if ( $typenow != 'shop_order' ) return $query;
 if ( ! get_query_var( 'shop_order_search' ) ) return $query;
- return $_GET['s'];
+ return wp_unslash( $_GET['s'] );
 }
 /**
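Review bot: The value returned on the new `return wp_unslash( $_GET['s'] );` line is still raw request input: it is not checked for presence or type and not sanitized, and unslashing removes the only transformation it had. Since the commit message says this string is displayed, the method should either sanitize here, e.g. `return isset( $_GET['s'] ) && is_string( $_GET['s'] ) ? sanitize_text_field( wp_unslash( $_GET['s'] ) ) : $query;`, or carry a comment stating that the caller escapes the result on output. Which of the two applies cannot be confirmed from this hunk, because the start of the method and the hook it is attached to are outside it. A non-string `s` (for example `?s[]=x`) would also make `wp_unslash()` return an array from a method whose callers presumably expect a string.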