Fixed Cross-Site Scripting Vulnerability CVE-2024-11371.
slimndap committed Nov 20, 2024
1 parent 8ec728b commit b25cbf7
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions functions/wpt_productions_list_table.php
Expand Up @@ -318,6 +318,7 @@ function get_productions_args_from_dates_dropdown() {
*
* @since 0.15
* @since 0.15.4 Removed the 'paged' query var when switching views.
* @since 0.18.7 Fixed Cross-Site Scripting Vulnerability CVE-2024-11371.
* @return array The views.
*/
function get_views() {
Expand All @@ -329,7 +330,7 @@ function get_views() {
$view_url = remove_query_arg( 'paged', $view_url );

ob_start();
?><a href="<?php echo $view_url;?>" <?php if ( empty( $_REQUEST['post_status'] ) ) { ?> class="current"<?php } ?>><?php _e( 'All' ); ?></a><?php
?><a href="<?php echo esc_url( $view_url );?>" <?php if ( empty( $_REQUEST['post_status'] ) ) { ?> class="current"<?php } ?>><?php _e( 'All' ); ?></a><?php
$views['all'] = ob_get_clean();

$views_available = array(
Expand All @@ -345,7 +346,7 @@ function get_views() {
$view_url = remove_query_arg( 'paged', $view_url );

ob_start();
?><a href="<?php echo $view_url;?>" <?php if ( ! empty( $_REQUEST['post_status'] ) && $key == $_REQUEST['post_status'] ) { ?> class="current"<?php } ?>><?php echo $val;
?><a href="<?php echo esc_url( $view_url );?>" <?php if ( ! empty( $_REQUEST['post_status'] ) && $key == $_REQUEST['post_status'] ) { ?> class="current"<?php } ?>><?php echo $val;
?><span class="count"> (<?php echo $num_posts->{$key};?>)</span>
</a><?php
$views[ $key ] = ob_get_clean();
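Review bot: The second anchor still prints `$val` and `$num_posts->{$key}` without escaping, so the new `esc_url()` calls cover only the `href` attribute. Where `$val` is assigned is outside the visible hunks (it appears to come from `$views_available`), so this may be safe today, but escaping at output keeps the markup safe if a label ever becomes filterable or translated: `<?php echo esc_html( $val ); ?>` and `<?php echo (int) $num_posts->{$key}; ?>`. The `class="current"` test also compares `$key == $_REQUEST['post_status']` loosely; a strict `===` against a `sanitize_key()`-ed copy of the request value would be tighter. `get_views()` begins and ends outside these hunks, so how `$view_url` is first built could not be checked here.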