From a272cda965faa33874dfc5d73c92870c83f645bf Mon Sep 17 00:00:00 2001
From: Glauber Silva
Date: Thu, 7 Mar 2024 18:02:20 -0300
Subject: [PATCH] Enhancement: implements development good practices to donor dashboard shortcode (#7277)
---
 src/DonorDashboards/App.php | 6 ++++--
 src/DonorDashboards/Shortcode.php | 3 +++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/DonorDashboards/App.php b/src/DonorDashboards/App.php
index a7a5109700..c9b0667777 100644
--- a/src/DonorDashboards/App.php
+++ b/src/DonorDashboards/App.php
@@ -27,6 +27,8 @@ public function __construct()
 }
 /**
+ * @unreleased Escape attributes
+ *
 * @param array $attributes
 *
 * @return string
@@ -38,7 +40,7 @@ public function getOutput($attributes)
 $queryArgs = [];
 if (isset($attributes['accent_color'])) {
- $queryArgs['accent-color'] = urlencode($attributes['accent_color']);
+ $queryArgs['accent-color'] = urlencode(esc_attr($attributes['accent_color']));
 }
 if (isset($_GET['give_nl'])) {
@@ -55,7 +57,7 @@ public function getOutput($attributes)
 $url = esc_url(add_query_arg($queryArgs, $url));
- $loader = $this->getIframeLoader($attributes['accent_color']);
+ $loader = $this->getIframeLoader(esc_attr($attributes['accent_color']));
 return sprintf( '
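Review bot: Wrapping the `accent-color` query argument in `esc_attr()` before `urlencode()` escapes for the wrong context: `esc_attr` is an HTML-attribute output escaper, but this value is being placed into a URL query string, which `urlencode()` here and the `esc_url(add_query_arg(...))` in the following hunk already handle. For a value containing `&`, `<` or `"`, `esc_attr` first rewrites it as an entity (`&amp;`) and `urlencode` then encodes that, so the iframe page receives a double-encoded value instead of the original, while nothing guarantees the value is actually a colour. Since `accent_color` is a shortcode attribute meant to be a CSS colour, validating it at the input point is the stronger control, e.g. `$queryArgs['accent-color'] = urlencode(sanitize_hex_color($attributes['accent_color']) ?? '');` (or a regex allowlist if the plugin's minimum WordPress version lacks that helper), keeping plain `urlencode` for the URL context. The same context question applies to `getIframeLoader(esc_attr(...))` in the next hunk, whose output context is not visible here. getOutput's body starts and ends outside this hunk.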