From 46a91c23b2fb2853cfae63900c8f47854623f442 Mon Sep 17 00:00:00 2001
From: Tamanna Ahuja
Date: Wed, 22 Jun 2022 14:21:17 +0530
Subject: [PATCH] Security Issues #1080

---
 shortcodes/wp-event-manager-shortcodes.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/shortcodes/wp-event-manager-shortcodes.php b/shortcodes/wp-event-manager-shortcodes.php
index 8e718459..b2ab1903 100644
--- a/shortcodes/wp-event-manager-shortcodes.php
+++ b/shortcodes/wp-event-manager-shortcodes.php
@@ -247,7 +247,7 @@ public function event_dashboard($atts)
 ob_start();
-$search_order_by = isset($_GET['search_order_by']) ? $_GET['search_order_by'] : '';
+$search_order_by = isset($_GET['search_order_by']) ? sanitize_text_field($_GET['search_order_by']) : '';
 if (isset($search_order_by) && !empty($search_order_by)) {
 $search_order_by = explode('|', $search_order_by);
@@ -293,11 +293,11 @@ public function event_dashboard($atts)
 $events = new WP_Query($args);
-echo $this->event_dashboard_message;
+echo apply_filters('wp_kses_allowed_html', $this->event_dashboard_message);
 //display organiser delete message #905
-echo $this->organizer_dashboard_message;
+echo apply_filters('wp_kses_allowed_html', $this->organizer_dashboard_message);
 //display venue delete message #905
-echo $this->venue_dashboard_message;
+echo apply_filters('wp_kses_allowed_html', $this->venue_dashboard_message);
 $event_dashboard_columns = apply_filters('event_manager_event_dashboard_columns', array(
@@ -1560,7 +1560,7 @@ public function output_event_organizer($atts)
 $organizer = $organizers->posts[0];
 $paged = (get_query_var('paged')) ? get_query_var('paged') : 1;
-$current_page = isset($_REQUEST['pagination']) ? $_REQUEST['pagination'] : $paged;
+$current_page = isset($_REQUEST['pagination']) ? sanitize_text_field($_REQUEST['pagination']) : sanitize_text_field($paged);
 $per_page = 10;
 $today_date = date("Y-m-d");
 $organizer_id = $organizer->ID;
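Review bot: `sanitize_text_field($_GET['search_order_by'])` accepts any string, so if the parts produced by `explode('|', ...)` on the next context line are later handed to WP_Query as orderby/order (that code is outside the hunk), they should still be checked against an allowlist of permitted orderby keys and `ASC`/`DESC` rather than relying on sanitize_text_field alone. WordPress slash-adds superglobals, so the conventional form is `sanitize_text_field(wp_unslash($_GET['search_order_by']))`. The `isset($search_order_by)` in the following `if` is always true immediately after the assignment; `if (!empty($search_order_by))` expresses the same condition. event_dashboard's body continues outside the hunk.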
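Review bot: `apply_filters('wp_kses_allowed_html', $this->event_dashboard_message)` does not escape anything: `wp_kses_allowed_html` is the filter through which KSES obtains its allowed-tags array, so applying it to a message string returns the string unchanged, and if any plugin has hooked that filter its callback receives a string where it expects an array. The three `echo` lines for `event_dashboard_message`, `organizer_dashboard_message` and `venue_dashboard_message` therefore still output the raw property; each should read `echo wp_kses_post($this->event_dashboard_message);` (and likewise for the other two), which filters the HTML against the post allowlist. If these messages are intended to be plain text, `esc_html()` is the narrower choice. event_dashboard's body continues outside the hunk.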
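Review bot: `pagination` is consumed as a page number, so `sanitize_text_field()` is the wrong sanitizer here: it leaves non-numeric strings intact for the arithmetic that follows, and applied to the integer fallback `$paged` it only converts an int to a string. The integer sanitizer with a floor of 1 fits the use: `$current_page = isset($_REQUEST['pagination']) ? max(1, absint($_REQUEST['pagination'])) : (int) $paged;`. `$_REQUEST` also merges cookie values depending on `request_order`; if the page number only ever arrives via the query string or a form, reading `$_GET`/`$_POST` explicitly narrows the accepted input. output_event_organizer's body continues outside the hunk.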