Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Properly escape tax class filter in legacy v3 REST API /taxes endpoint

This commit is contained in:
Jorge A. Torres 2022-04-14 15:09:55 -03:00
parent fbd38e5a90
commit c1dcab5725
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plugins/woocommerce/includes/legacy/api/v3/class-wc-api-taxes.php
View File

@ -411,7 +411,7 @@ class WC_API_Taxes extends WC_API_Resource {
// Filter by tax class
if ( ! empty( $args['tax_rate_class'] ) ) {
$tax_rate_class = 'standard' !== $args['tax_rate_class'] ? sanitize_title( $args['tax_rate_class'] ) : '';
$tax_rate_class = esc_sql( 'standard' !== $args['tax_rate_class'] ? sanitize_title( $args['tax_rate_class'] ) : '' );
$query .= " AND tax_rate_class = '$tax_rate_class'";
}