From 4fb99af5304257ce0a5adf0df78f02b59755c2df Mon Sep 17 00:00:00 2001
From: Jon Waldstein <jon@givewp.com>
Date: Tue, 3 Dec 2024 12:08:48 -0500
Subject: [PATCH] Fix: sanitize migration param url (#7634)

Co-authored-by: Jon Waldstein <jonwaldstein@jwaldstein-mbp.mynetworksettings.com>
---
 src/Framework/Migrations/Controllers/ManualMigration.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Framework/Migrations/Controllers/ManualMigration.php b/src/Framework/Migrations/Controllers/ManualMigration.php
index 1693d95e6c..c7cde44625 100644
--- a/src/Framework/Migrations/Controllers/ManualMigration.php
+++ b/src/Framework/Migrations/Controllers/ManualMigration.php
@@ -36,16 +36,17 @@ public function __construct(MigrationsRegister $migrationsRegister)
     }
 
     /**
+     * @unreleased sanitize params
      * @since 2.9.2
      */
     public function __invoke()
     {
         if ( ! empty($_GET['give-run-migration'])) {
-            $migrationToRun = $_GET['give-run-migration'];
+            $migrationToRun = give_clean($_GET['give-run-migration']);
         }
 
         if ( ! empty($_GET['give-clear-update'])) {
-            $migrationToClear = $_GET['give-clear-update'];
+            $migrationToClear = give_clean($_GET['give-clear-update']);
         }
 
         $hasMigration = isset($migrationToRun) || isset($migrationToClear);