Steve-Dee-Designs
/
woocommerce
mirror of https://github.com/woocommerce/woocommerce.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use wp_kses_post for sanitizing product names instead of esc_html

This commit is contained in:
claudiulodro 2018-11-15 11:42:22 -08:00
parent 8f145c70d7
commit d09e9eb95c
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
includes/admin/meta-boxes/views/html-order-item.php
View File

@ -19,7 +19,7 @@ $row_class = apply_filters( 'woocommerce_admin_html_order_item_class', ! empt
</td>
<td class="name" data-sort-value="<?php echo esc_attr( $item->get_name() ); ?>">
<?php
echo $product_link ? '<a href="' . esc_url( $product_link ) . '" class="wc-order-item-name">' . esc_html( $item->get_name() ) . '</a>' : '<div class="wc-order-item-name">' . esc_html( $item->get_name() ) . '</div>';
echo $product_link ? '<a href="' . esc_url( $product_link ) . '" class="wc-order-item-name">' . wp_kses_post( $item->get_name() ) . '</a>' : '<div class="wc-order-item-name">' . wp_kses_post( $item->get_name() ) . '</div>';
if ( $product && $product->get_sku() ) {
echo '<div class="wc-order-item-sku"><strong>' . esc_html__( 'SKU:', 'woocommerce' ) . '</strong> ' . esc_html( $product->get_sku() ) . '</div>';

2
templates/content-widget-product.php
View File

@ -30,7 +30,7 @@ if ( ! is_a( $product, 'WC_Product' ) ) {
<a href="<?php echo esc_url( $product->get_permalink() ); ?>">
<?php echo $product->get_image(); ?>
<span class="product-title"><?php echo esc_html( $product->get_name() ); ?></span>
<span class="product-title"><?php echo wp_kses_post( $product->get_name() ); ?></span>
</a>
<?php if ( ! empty( $show_rating ) ) : ?>