fixed missing sanitization

InstaWP · Aug 14, 2024 · 46c7611 · 46c7611
1 parent 1f58210
commit 46c7611
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 5 deletions.
diff --git a/docs/readme.txt b/docs/readme.txt
@@ -4,8 +4,8 @@ Author URI: https://instawp.com/?utm_source=sl_plugin_author
 Plugin URI: http://wordpress.org/plugins/string-locator/
 Tags: text, search, find, syntax, highlight
 Requires at least: 4.9
-Tested up to: 6.5
-Stable tag: 2.6.5
+Tested up to: 6.6
+Stable tag: 2.6.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -46,6 +46,10 @@ When writing your search string, make sure to wrap your search in forward slashe
 
 == Changelog ==
 
+= 2.6.6 (2024-08-14) =
+* Fixed missing URL input sanitization.
+* Verified compatibility with WordPress 6.6
+
 = 2.6.5 (2024-03-12) =
 * Verified compatibility with WordPress 6.5
 

diff --git a/includes/Extension/SQL/views/editor/sql.php b/includes/Extension/SQL/views/editor/sql.php
@@ -35,11 +35,11 @@
 
 $format = 'string';
 
-if ( is_serialized( $row->{ $_GET['sql-column'] }, true ) ) {
+if ( is_serialized( $row->{ esc_html( $_GET['sql-column'] ) }, true ) ) {
 	$format = 'serialized';
 }
 
-$editor_content = $row->{ $_GET['sql-column'] };
+$editor_content = $row->{ esc_html( $_GET['sql-column'] ) };
 ?>
 <form id="string-locator-edit-form" class="string-locator-editor-wrapper">
 	<?php wp_nonce_field( 'wp_rest' ); ?>

diff --git a/string-locator.php b/string-locator.php
@@ -3,7 +3,7 @@
  * Plugin Name: String Locator
  * Plugin URI: https://wordpress.org/plugins/string-locator/
  * Description: Scan through theme and plugin files looking for text strings
- * Version: 2.6.5
+ * Version: 2.6.6
  * Author: InstaWP
  * Author URI: https://instawp.com/
  * Text Domain: string-locator