Fix potential security issue
KingYes committed Mar 8, 2018
1 parent 44c2803 commit 950c46b
Showing 4 changed files with 9 additions and 9 deletions.
8 changes: 4 additions & 4 deletions classes/class-aal-activity-log-list-table.php
Expand Up @@ -202,16 +202,16 @@ public function column_label( $item ) {
}

public function column_description( $item ) {
$return = $item->object_name;
$return = esc_html( $item->object_name );

switch ( $item->object_type ) {
case 'Post' :
$return = sprintf( '<a href="%s">%s</a>', get_edit_post_link( $item->object_id ), $item->object_name );
$return = sprintf( '<a href="%s">%s</a>', get_edit_post_link( $item->object_id ), esc_html( $item->object_name ) );
break;

case 'Taxonomy' :
if ( ! empty( $item->object_id ) )
$return = sprintf( '<a href="%s">%s</a>', get_edit_term_link( $item->object_id, $item->object_subtype ), $item->object_name );
$return = sprintf( '<a href="%s">%s</a>', get_edit_term_link( $item->object_id, $item->object_subtype ), esc_html( $item->object_name ) );
break;

case 'Comments' :
Expand All @@ -224,7 +224,7 @@ public function column_description( $item ) {
if ( 'all' === $item->object_name ) {
$return = __( 'All', 'aryo-activity-log' );
} else {
$pt = get_post_type_object( $item->object_name );
$pt = get_post_type_object( $item->object_name );
$return = ! empty( $pt->label ) ? $pt->label : $item->object_name;
}
break;
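Review bot: In the second hunk, the branch that calls `get_post_type_object()` still assigns `$return` from `$pt->label` or the raw `$item->object_name`, which overwrites the escaped value set at the top of `column_description()`, so that branch can still print unescaped text. I would write it as `$return = esc_html( ! empty( $pt->label ) ? $pt->label : $item->object_name );`. The two `sprintf` links also put the results of `get_edit_post_link()` and `get_edit_term_link()` into `href` without `esc_url()`, which is worth adding while this function is being hardened. The `case` label for that branch and the end of the switch are outside the visible hunks, so the remaining branches may need the same check.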
4 changes: 2 additions & 2 deletions hooks/class-aal-hook-attachment.php
Expand Up @@ -11,7 +11,7 @@ protected function _add_log_attachment( $action, $attachment_id ) {
'object_type' => 'Attachment',
'object_subtype' => $post->post_type,
'object_id' => $attachment_id,
'object_name' => get_the_title( $post->ID ),
'object_name' => esc_html( get_the_title( $post->ID ) ),
) );
}

Expand All @@ -35,4 +35,4 @@ public function __construct() {
parent::__construct();
}

}
}
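Review bot: `_add_log_attachment()` now escapes `object_name` before it is stored, which bakes one output context (HTML text) into the log data instead of escaping where the value is printed. Rows written before this commit, and rows from any hook not touched here, stay raw, so every renderer still has to escape, and any non-HTML consumer of the log (none is visible on this page) would receive entities. I would store the title unchanged, `'object_name' => get_the_title( $post->ID ),`, and treat the `esc_html()` calls in `column_description()` as the actual control; if the storage-time escape is kept as defence in depth, a comment saying so would help. The same pattern is in `_add_comment_log()` (hooks/class-aal-hook-comments.php) and `_draft_or_post_title()` (hooks/class-aal-hook-posts.php). The start of `_add_log_attachment()` is outside the hunk.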
4 changes: 2 additions & 2 deletions hooks/class-aal-hook-comments.php
Expand Up @@ -11,7 +11,7 @@ protected function _add_comment_log( $id, $action, $comment = null ) {
'action' => $action,
'object_type' => 'Comments',
'object_subtype' => get_post_type( $comment->comment_post_ID ),
'object_name' => get_the_title( $comment->comment_post_ID ),
'object_name' => esc_html( get_the_title( $comment->comment_post_ID ) ),
'object_id' => $id,
) );
}
Expand Down Expand Up @@ -71,4 +71,4 @@ public function __construct() {
parent::__construct();
}

}
}
2 changes: 1 addition & 1 deletion hooks/class-aal-hook-posts.php
Expand Up @@ -4,7 +4,7 @@
class AAL_Hook_Posts extends AAL_Hook_Base {

protected function _draft_or_post_title( $post = 0 ) {
$title = get_the_title( $post );
$title = esc_html( get_the_title( $post ) );

if ( empty( $title ) )
$title = __( '(no title)', 'aryo-activity-log' );
