
Commit 950c46b

committed
Fix potential security issue
1 parent 44c2803 commit 950c46b

4 files changed

+9
-9
lines changed

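--- a/classes/class-aal-activity-log-list-table.php
+++ b/classes/class-aal-activity-log-list-table.php
@@ -202,16 +202,16 @@ public function column_label( $item ) {
 }
 
 public function column_description( $item ) {
-$return = $item->object_name;
+$return = esc_html( $item->object_name );
 
 switch ( $item->object_type ) {
 case 'Post' :
-$return = sprintf( '<a href="%s">%s</a>', get_edit_post_link( $item->object_id ), $item->object_name );
+$return = sprintf( '<a href="%s">%s</a>', get_edit_post_link( $item->object_id ), esc_html( $item->object_name ) );
 break;
 
 case 'Taxonomy' :
 if ( ! empty( $item->object_id ) )
-$return = sprintf( '<a href="%s">%s</a>', get_edit_term_link( $item->object_id, $item->object_subtype ), $item->object_name );
+$return = sprintf( '<a href="%s">%s</a>', get_edit_term_link( $item->object_id, $item->object_subtype ), esc_html( $item->object_name ) );
 break;
 
 case 'Comments' :
@@ -224,7 +224,7 @@ public function column_description( $item ) {
 if ( 'all' === $item->object_name ) {
 $return = __( 'All', 'aryo-activity-log' );
 } else {
-$pt = get_post_type_object( $item->object_name );
+$pt = get_post_type_object( $item->object_name );
 $return = ! empty( $pt->label ) ? $pt->label : $item->object_name;
 }
 break;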
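Review bot: The fallback on line 228 of the second hunk, `$return = ! empty( $pt->label ) ? $pt->label : $item->object_name;`, still returns `$item->object_name` unescaped when `get_post_type_object()` finds no matching post type, so the `esc_html()` added on lines 205, 209 and 214 does not cover that path; change it to `$return = esc_html( ! empty( $pt->label ) ? $pt->label : $item->object_name );`. The `Comments` case between the two hunks is not visible here and should be checked for the same raw output. On lines 209 and 214 the edit links are placed into `href` without `esc_url()`; whether `get_edit_post_link()` and `get_edit_term_link()` return attribute-safe values depends on their filters, so wrapping them is the safer form. column_description continues past the second hunk.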

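--- a/hooks/class-aal-hook-attachment.php
+++ b/hooks/class-aal-hook-attachment.php
@@ -11,7 +11,7 @@ protected function _add_log_attachment( $action, $attachment_id ) {
 'object_type' => 'Attachment',
 'object_subtype' => $post->post_type,
 'object_id' => $attachment_id,
-'object_name' => get_the_title( $post->ID ),
+'object_name' => esc_html( get_the_title( $post->ID ) ),
 ) );
 }
 
@@ -35,4 +35,4 @@ public function __construct() {
 parent::__construct();
 }
 
-}
+}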
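Review bot: Line 14 now stores `esc_html( get_the_title( $post->ID ) )` as `object_name` at log-write time, while classes/class-aal-activity-log-list-table.php in this same commit escapes `object_name` again at output; escaping at both points is redundant, and persisting the escaped form means titles containing `&`, `<` or quotes are saved as HTML entities, so any non-HTML reader of the log (an export, an API response, a search on the raw title) would see entities instead of the original text. Escaping belongs at the output boundary, so keeping `'object_name' => get_the_title( $post->ID ),` and relying on the list table's `esc_html()` is the conventional fix. The same pattern is on line 14 of hooks/class-aal-hook-comments.php and line 7 of hooks/class-aal-hook-posts.php. _add_log_attachment starts before this hunk.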

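--- a/hooks/class-aal-hook-comments.php
+++ b/hooks/class-aal-hook-comments.php
@@ -11,7 +11,7 @@ protected function _add_comment_log( $id, $action, $comment = null ) {
 'action' => $action,
 'object_type' => 'Comments',
 'object_subtype' => get_post_type( $comment->comment_post_ID ),
-'object_name' => get_the_title( $comment->comment_post_ID ),
+'object_name' => esc_html( get_the_title( $comment->comment_post_ID ) ),
 'object_id' => $id,
 ) );
 }
@@ -71,4 +71,4 @@ public function __construct() {
 parent::__construct();
 }
 
-}
+}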

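--- a/hooks/class-aal-hook-posts.php
+++ b/hooks/class-aal-hook-posts.php
@@ -4,7 +4,7 @@
 class AAL_Hook_Posts extends AAL_Hook_Base {
 
 protected function _draft_or_post_title( $post = 0 ) {
-$title = get_the_title( $post );
+$title = esc_html( get_the_title( $post ) );
 
 if ( empty( $title ) )
 $title = __( '(no title)', 'aryo-activity-log' );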
