Reverse html encoding and pass through strip tags as tiptip runs encoded html, avoids xss

Gerhard 2015-03-13 08:35:33 +02:00
parent a66d627c70
commit c3a9c027b9
1 changed files with 3 additions and 3 deletions


@ -477,9 +477,8 @@ class WC_Admin_Post_Types {
break;
case 'customer_message' :
if ( $the_order->customer_message ) {
echo '<span class="note-on tips" data-tip="' . esc_attr( $the_order->customer_message ) . '">' . __( 'Yes', 'woocommerce' ) . '</span>';
echo '<span class="note-on tips" data-tip="' . esc_attr( strip_tags( html_entity_decode( $the_order->customer_message ) ) ) . '">' . __( 'Yes', 'woocommerce' ) . '</span>';
} else {
echo '<span class="na">&ndash;</span>';
}
@ -536,7 +535,8 @@ class WC_Admin_Post_Types {
if ( $post->comment_count ) {
// check the status of the post
$status = ( 'trash' !== $post->post_status ) ? '' : 'post-trashed';
( $post->post_status !== 'trash' ) ? $status = '' : $status = 'post-trashed';
$latest_notes = get_comments( array(
'post_id' => $post->ID,
'number' => 1,
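Review bot: In the `customer_message` case, `strip_tags()` after a single `html_entity_decode()` pass is a weak filter for a value that, per the commit title, the tooltip script goes on to render as HTML. A message that was entity-encoded more than once still carries encoded markup after this chain, and `esc_attr()` does not re-encode entities that are already present, so that markup may reach the tooltip intact; this should be confirmed against the tipTip rendering path, which is not visible here. As a tightening I would decode with explicit flags and charset and use the WordPress helper, `esc_attr( wp_strip_all_tags( html_entity_decode( $the_order->customer_message, ENT_QUOTES, 'UTF-8' ) ) )`. That alone does not close the multiple-encoding case; the durable fix is to have the tooltip insert its content as text rather than HTML. The enclosing `switch` starts and ends outside the hunk.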