Fixed String Escapes

includes/class-button-generator.php

@@ -116,7 +116,7 @@ public function html() {
 				'id'    => 'quick_buy_' . $this->product_id() . '_container',
 			) ), $this->product_id(), $this->product_type(), $this );
 			$this->html = '<div ' . $wrap_attr . ' >';
-			$this->html .= sprintf( '<%1$s %3$s>%2$s</%1$s>', $tag, $args['label'], wponion_array_to_html_attributes( $attrs ) );
+			$this->html .= sprintf( '<%1$s %3$s>%2$s</%1$s>', esc_html( $tag ), esc_html( $args['label'] ), wponion_array_to_html_attributes( $attrs ) );
 			$this->html .= '</div>';
 		}
 		return $this->html;

includes/class-button-placement.php

@@ -30,7 +30,8 @@ public function add_wc_quick_buy_chain() {
 		global $product;
 		/* @var \WC_Product $product */
 		if ( null !== $product && method_exists( $product, 'get_id' ) ) {
-			echo '<input type="hidden" id="wc_quick_buy_hook_' . $product->get_id() . '" value="' . $product->get_id() . '"  />';
+			$pid = esc_attr( $product->get_id() );
+			echo "<input type=\"hidden\" id=\"wc_quick_buy_hook_$pid\" value=\"$pid\"/>";
 		}
 	}
 

readme.txt

@@ -130,7 +130,7 @@ Please open an issue at <a href="https://github.com/varunsridharan/woocommerce-q
 == Changelog ==
 
 = 2.8.2 27/03/2021 =
-* Updated : WPOnion Framework To 1.5.7
+* Updated : WPOnion Framework To 1.5.3.7
 * Updated : VSP Framework To 0.8.9.8
 * Tested : WordPress 5.7
 * Tested : WooCommerce 5.1.0