Skip to content
Permalink
Browse files

Fix XSS

  • Loading branch information...
Laxa committed Dec 19, 2017
1 parent df10778 commit aee26df15319e69a03f16e778ef7c862341a83dc
Showing with 3 additions and 3 deletions.
  1. +3 −3 src/PostTypes/Password.php
@@ -112,11 +112,11 @@ public function password_columns_content( $column_name, $post_id ) {
$password = new SinglePassword( $post_id );
switch ( $column_name ) {
case 'password':
echo "<a class=\"row-title\" href='" . esc_url( get_edit_post_link( $post_id ) ) . "'>" . $password->get_original_password() . "</a>";
echo "<a class=\"row-title\" href='" . esc_url( get_edit_post_link( $post_id ) ) . "'>" . esc_html( $password->get_original_password() ) . "</a>";
break;
case 'status':
if ( $password->used() ) {
echo sprintf( __('Password changed to <strong>%s</strong>', 'wp-site-protect'), $password->get_current_password() );
echo sprintf( __('Password changed to <strong>%s</strong>', 'wp-site-protect'), esc_html( $password->get_current_password() ) );
} else {
echo __('Not being used.', 'wp-site-protect');
}
@@ -141,7 +141,7 @@ public function render_password_details_metabox( $post, $metabox) {
$password = new SinglePassword( $post );
?>
<p><strong><?php esc_html_e('Original Password:', 'wp-site-protect') ?></strong> <?php echo $password->get_original_password() ?>
<p><strong><?php esc_html_e('Original Password:', 'wp-site-protect') ?></strong> <?php echo esc_html( $password->get_original_password() ) ?>
<p><strong><?php esc_html_e('Password Hash:', 'wp-site-protect') ?></strong> <?php echo $password->get_hashed_password() ?></p>
<?php if ( ! $password->used() ) :?>
<p><?php _e('This password was never been used.', 'wp-site-protect' ) ?></p>

0 comments on commit aee26df

Please sign in to comment.
You can’t perform that action at this time.