Changeset 2259362


Timestamp:
03/11/2020 08:30:00 PM (6 years ago)
Author:
jasongreen
Message:

added escapes to plug vulnerabilities

File:
1 edited

  • contact-form-submissions/trunk/Admin.php

    r2252208 r2259362  
    8484                <?php foreach ($forms as $post) {
    8585                ?>
    86                     <?php $selected = ($post->ID == $_GET['wpcf7_contact_form']) ? 'selected' : ''; ?>
     86                    <?php $selected = ($post->ID == esc_attr($_GET['wpcf7_contact_form'])) ? 'selected' : ''; ?>
    8787                    <option value="<?php echo $post->ID; ?>" <?php echo $selected; ?>><?php echo $post->post_title; ?></option>
    8888                <?php
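
Review bot: on new line 86, esc_attr() wraps a value that is only compared and never printed, so it does not change what reaches the page: $selected can only be 'selected' or ''. The parameter is matched against $post->ID, so casting it once with absint() before the loop states the intent and avoids a loose == between an integer and an arbitrary string. The values that are actually echoed are on line 87, where $post->post_title goes into the option text unescaped; wrapping it in esc_html(), and $post->ID in esc_attr(), is the escaping this hunk needs.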
     
    156156        // dynamically add cols if the user selects a form
    157157        if (isset($_GET['wpcf7_contact_form']) && !empty($_GET['wpcf7_contact_form'])) {
    158             $form_id = $_GET['wpcf7_contact_form'];
     158            $form_id = esc_attr($_GET['wpcf7_contact_form']);
    159159
    160160            $wpcf7s_columns = $this->get_available_columns($form_id);
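
Review bot: on new line 158, esc_attr() is an HTML-attribute output escaper rather than input validation, and its result is passed to get_available_columns() instead of being printed. The first hunk compares this same parameter with $post->ID, so it is expected to be a numeric ID; $form_id = absint($_GET['wpcf7_contact_form']); would reject anything else regardless of how get_available_columns() uses the value, which these lines do not show. Minor: on line 157 the isset() is redundant, since !empty() already covers an unset key.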