Improve password sanitization in WC_Settings_API, closes #8627

@mikejolley
Claudio Sanches 2015-07-21 18:37:12 -03:00
parent d36970aad8
commit c95988bc8a
1 changed files with 4 additions and 3 deletions


@ -3,7 +3,7 @@
* Admin Settings API used by Shipping Methods and Payment Gateways * Admin Settings API used by Shipping Methods and Payment Gateways
* *
* @class WC_Settings_API * @class WC_Settings_API
* @version 2.3.0 * @version 2.4.0
* @package WooCommerce/Abstracts * @package WooCommerce/Abstracts
* @category Abstract Class * @category Abstract Class
* @author WooThemes * @author WooThemes
@ -849,12 +849,13 @@ abstract class WC_Settings_API {
$text = $this->get_option( $key ); $text = $this->get_option( $key );
$field = $this->get_field_key( $key ); $field = $this->get_field_key( $key );
$value = trim( stripslashes( $_POST[ $field ] ) );
if ( isset( $_POST[ $field ] ) ) { if ( isset( $_POST[ $field ] ) ) {
$text = wc_clean( stripslashes( $_POST[ $field ] ) ); $text = wp_kses_post( $value );
} }
return $text; return $text === $value ? $text : '';
} }
/** /**
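Review bot: The new `$value = trim( stripslashes( $_POST[ $field ] ) );` line reads `$_POST[ $field ]` before the `isset()` guard that follows it, so a request without this field raises an undefined-index notice and leaves `$value` as an empty string. The closing `return $text === $value ? $text : '';` then compares the stored option against that empty string and returns `''`, which appears to blank a saved password where the old code kept it. Guard first and only then read the value, for example `if ( ! isset( $_POST[ $field ] ) ) { return $text; }` placed ahead of the `$value` assignment. Also worth a short comment above the return: any password that `wp_kses_post()` would alter (likely one containing `<`) is discarded silently rather than rejected with an admin-visible error, and that should be stated as intentional. The enclosing method begins outside the hunk, so its signature and docblock are not visible here.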