Context Navigation

Changeset 2763332

Timestamp:

07/29/2022 09:18:42 AM (4 years ago)

Author:

visser

Message:

Location:

woocommerce-product-importer/trunk

Files:

r2733159	r2763332
4	4	* Plugin URI: https://visser.com.au/woocommerce/plugins/product-importer/
5	5	* Description: Import Products, Categories, Tags and product images into your WooCommerce store from simple formatted files (e.g. CSV, TSV, TXT, etc.).
6		* Version: 1.5.2
	6	* Version: 1.5.4
7	7	* Author: Visser Labs
8	8	* Author URI: https://visser.com.au/about/

-                      r2733159
+                      r2763332
 Tags: woocommerce import, woocommerce product import, woocommerce import products, woocommerce import categories, import woocommerce products, product import, csv, excel
 Requires at least: 2.9.2
 Tested up to: 6.0
 Stable tag: 1.5.3
+Tested up to: 6.0.1
+Stable tag: 1.5.4
 License: GPLv2 or later
 …
 == Changelog ==
+= 1.5.4 =
+* Fixed: XSS vulnerability when previewing import files (thanks for reporting)
 = 1.5.3 =
 * Fixed: Sanitize GET and POST form attributes (thanks for reporting)

-                      r1091524
+                      r2763332
                     <th class="vertical-align-middle text-align-right" valign="top">
                         <input type="hidden" name="column[]" value="<?php echo $key+1; ?>" />
                         <code><?php echo $cell; ?></code>
+                        <code><?php echo esc_attr( $cell ); ?></code>
                     </th>
                     <td class="vertical-align-middle text-align-center column-equals"><strong>=</strong></td>
 …
                     </td>
                     <td class="vertical-align-middle">
                         <code><?php echo woo_pi_format_cell_preview( $second_row[$key], $key, $cell ); ?></code>
+                        <code><?php echo esc_attr( woo_pi_format_cell_preview( $second_row[$key], $key, $cell ) ); ?></code>
                     </td>
                 </tr>

Note: See TracChangeset for help on using the changeset viewer.