
Changeset 2463917


Timestamp:
01/27/2021 10:03:34 PM (5 years ago)
Author:
paybright
Message:

Data sanitization for input fields

File:
1 edited

  • paybright/trunk/WCGatewayPayBright.php

    r2363329 r2463917  
    456456                echo "<form id='pb_form' method='post' action='$url'>\n";
    457457                foreach ($post_data as $key => $value) {
    458                     echo "<input type='hidden' name='$key' value='$value'><br>";
     458                    $sanitizedValue = htmlspecialchars($value, ENT_QUOTES);
     459                    echo "<input type=\"hidden\" name=\"$key\" value=\"$sanitizedValue\"><br>";
    459460                }
    460461                echo  "</form><script type=\"text/javascript\">document.getElementById(\"pb_form\").submit();</script>";
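Review bot: on new line 459 only `$value` is escaped; `$key` still goes into the `name` attribute raw, and the unchanged `action='$url'` on line 456 is interpolated raw into a single-quoted attribute. Escape the key the same way as the value, for example `htmlspecialchars($key, ENT_QUOTES)`, and escape `$url` before it is echoed. Since this is a WordPress plugin, `esc_attr()` for the name and value and `esc_url()` for the action would be the conventional choice. The commit message says "input fields", so it would also help to state in the message or a code comment that this is output escaping of the hidden fields at render time, not sanitization of the incoming data.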