Plugin Directory

Changeset 3480124


Timestamp:
03/11/2026 12:55:56 PM (3 weeks ago)
Author:
manu225
Message:

Adding html_entity_decode for security on description

File:
1 edited

  • wp-open-street-map/tags/1.35/wp_openstreetmap.php

    r3479996 r3480124  
    332332                                    $coords = explode(',', $_POST['icon_coords'][$i]);
    333333
    334                                     $query = $wpdb->prepare( $q, stripslashes_deep(sanitize_text_field($_POST['icon_name'][$i])), stripslashes_deep(wp_kses_post($_POST['icon_description'][$i])), sanitize_text_field($_POST['icon_url'][$i]), floatval($coords[1]), floatval($coords[0]), intval($_GET['id']));
     334                                    $query = $wpdb->prepare( $q, stripslashes_deep(sanitize_text_field($_POST['icon_name'][$i])), stripslashes_deep(wp_kses_post(html_entity_decode($_POST['icon_description'][$i]))), sanitize_text_field($_POST['icon_url'][$i]), floatval($coords[1]), floatval($coords[0]), intval($_GET['id']));
    335335
    336336                                    $wpdb->query( $query );
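Review bot: On the new line 334, html_entity_decode() runs on the raw, still-slashed $_POST['icon_description'][$i], and the slashes are only removed by stripslashes_deep() after wp_kses_post() has already run. wp_kses_post() expects unslashed input, so the filter inspects a different string from the one that is stored; unslash first, then decode, then filter: wp_kses_post( html_entity_decode( wp_unslash( $_POST['icon_description'][$i] ) ) ). The decode is also a single pass with default flags, and those defaults differ between PHP versions (quote handling changed in PHP 8.1), so pass the flags and charset explicitly, for example ENT_QUOTES | ENT_HTML5 and 'UTF-8'. Decoding before wp_kses_post() also means a description that legitimately contains &lt; is turned into markup and then filtered, so a short code comment naming the output path that made the decode necessary would help, and that output path should escape the stored value rather than decode it again. The same line indexes $coords[0] and $coords[1] without checking that explode() on line 332 produced two elements.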