From 46c7611b44ab1ed09dcc8a2e5660117745920ea5 Mon Sep 17 00:00:00 2001
From: Sayan Datta
Date: Wed, 14 Aug 2024 16:47:10 +0530
Subject: [PATCH] fixed missing sanitization
---
 docs/readme.txt | 8 ++++++--
 includes/Extension/SQL/views/editor/sql.php | 4 ++--
 string-locator.php | 2 +-
 3 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/docs/readme.txt b/docs/readme.txt
index 396922c..e5bbf14 100644
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -4,8 +4,8 @@ Author URI: https://instawp.com/?utm_source=sl_plugin_author
 Plugin URI: http://wordpress.org/plugins/string-locator/
 Tags: text, search, find, syntax, highlight
 Requires at least: 4.9
-Tested up to: 6.5
-Stable tag: 2.6.5
+Tested up to: 6.6
+Stable tag: 2.6.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -46,6 +46,10 @@ When writing your search string, make sure to wrap your search in forward slashe
 == Changelog ==
+= 2.6.6 (2024-08-14) =
+* Fixed missing URL input sanitization.
+* Verified compatibility with WordPress 6.6
+
 = 2.6.5 (2024-03-12) =
 * Verified compatibility with WordPress 6.5
diff --git a/includes/Extension/SQL/views/editor/sql.php b/includes/Extension/SQL/views/editor/sql.php
index 032d4ac..ac72075 100644
--- a/includes/Extension/SQL/views/editor/sql.php
+++ b/includes/Extension/SQL/views/editor/sql.php
@@ -35,11 +35,11 @@ $format = 'string';
-if ( is_serialized( $row->{ $_GET['sql-column'] }, true ) ) {
+if ( is_serialized( $row->{ esc_html( $_GET['sql-column'] ) }, true ) ) {
 $format = 'serialized';
 }
-$editor_content = $row->{ $_GET['sql-column'] };
+$editor_content = $row->{ esc_html( $_GET['sql-column'] ) };
 ?>
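Review bot: `esc_html()` on the two new `$row->{ esc_html( $_GET['sql-column'] ) }` reads is an HTML output escaper, not input validation: it does not restrict which property of `$row` the request can select, and it rewrites `&`, `<`, `>` and quotes, so a value containing those characters no longer matches the property it names. Read the parameter once and check it against the row before use, e.g. `$column = isset( $_GET['sql-column'] ) && is_string( $_GET['sql-column'] ) ? wp_unslash( $_GET['sql-column'] ) : '';` followed by `if ( ! property_exists( $row, $column ) ) { return; }`, then use `$row->{ $column }` in both places. The escaping that prevents script injection has to happen where `$editor_content` and the column name are printed, which is presumably in the markup after `?>` and outside this hunk, so that output should be checked for `esc_textarea()` / `esc_attr()` or an equivalent.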
diff --git a/string-locator.php b/string-locator.php
index 079da0b..31955cb 100644
--- a/string-locator.php
+++ b/string-locator.php
@@ -3,7 +3,7 @@
 * Plugin Name: String Locator
 * Plugin URI: https://wordpress.org/plugins/string-locator/
 * Description: Scan through theme and plugin files looking for text strings
- * Version: 2.6.5
+ * Version: 2.6.6
 * Author: InstaWP
 * Author URI: https://instawp.com/
 * Text Domain: string-locator