escape template name, id and image
8ivek committed Aug 19, 2021
1 parent 5abcd45 commit 1fa48d6
Showing 2 changed files with 4 additions and 4 deletions.
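--- a/admin/partials/yapt-admin-add-page.php
+++ b/admin/partials/yapt-admin-add-page.php
@@ -74,8 +74,8 @@
 ?>
 <div class="yapt_template_item">
 <label>
-<input type="radio" name="template_id" value="<?php echo $template['id'] ?>" checked="checked"/>
-<img src="<?php echo YAPT_PLUGIN_URL . 'templates/' . $template['template_name'] . '/' . $template['image']; ?>"/>
+<input type="radio" name="template_id" value="<?php echo esc_html($template['id']); ?>" checked="checked"/>
+<img src="<?php echo YAPT_PLUGIN_URL . 'templates/' . esc_html($template['template_name']) . '/' . esc_html($template['image']); ?>"/>
 </label>
 </div>
 <?php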
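Review bot: The new `esc_html()` calls sit inside HTML attribute values (`value="…"` and `src="…"`), where WordPress's context-specific helpers are the expected choice: `esc_attr($template['id'])` for the radio value and `esc_url()` for the image URL. For the `<img>`, wrapping the whole concatenation, `esc_url(YAPT_PLUGIN_URL . 'templates/' . $template['template_name'] . '/' . $template['image'])`, also covers the constant and treats the result as a URL rather than only entity-encoding two fragments of it. Entity-encoding does not constrain path segments such as `..`, so if `template_name` or `image` can come from anywhere other than the plugin's own template list (not visible in this hunk), they should be checked against the known templates before being used to build a path. The same two lines in admin/partials/yapt-admin-edit.php carry the same point. The enclosing loop starts and ends outside the hunk.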
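--- a/admin/partials/yapt-admin-edit.php
+++ b/admin/partials/yapt-admin-edit.php
@@ -77,13 +77,13 @@
 ?>
 <div class="yapt_template_item">
 <label>
-<input type="radio" name="template_id" value="<?php echo $template['id'] ?>" <?php
+<input type="radio" name="template_id" value="<?php echo esc_html($template['id']); ?>" <?php
 if ($template['id'] === $this->price_table->item['template_id']) {
 echo "checked='checked'";
 }
 ?> />
 <img
-src="<?php echo YAPT_PLUGIN_URL . 'templates/' . $template['template_name'] . '/' . $template['image']; ?>"/>
+src="<?php echo YAPT_PLUGIN_URL . 'templates/' . esc_html($template['template_name']) . '/' . esc_html($template['image']); ?>"/>
 </label>
 </div>
 <?php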
