From aac9bbe2e56bd0f7abb6ecbba544c6a50e90f04a Mon Sep 17 00:00:00 2001
From: Kunal Nagar <2741371+kunalnagar@users.noreply.github.com>
Date: Sun, 21 Jul 2024 16:30:02 -0400
Subject: [PATCH] fix: Vuln in admin notices (#84)
* Initial commit
* Updates
---
 admin/AdminClass.php | 4 ++--
 custom-404-pro.php | 2 +-
 readme.txt | 5 ++++-
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/admin/AdminClass.php b/admin/AdminClass.php
index 8fe5ed4..c408fad 100755
--- a/admin/AdminClass.php
+++ b/admin/AdminClass.php
@@ -55,9 +55,9 @@ public function custom_404_pro_notices() {
 $html = '';
 if ( current_user_can( 'administrator' ) ) {
 if ( array_key_exists( 'c4pmessage', $_REQUEST ) ) {
- $message = urldecode( sanitize_text_field( $_REQUEST['c4pmessage'] ) );
+ $message = esc_html( urldecode( sanitize_text_field( $_REQUEST['c4pmessage'] ) ) );
 if ( array_key_exists( 'c4pmessageType', $_REQUEST ) ) {
- $messageType = sanitize_text_field( $_REQUEST['c4pmessageType'] );
+ $messageType = esc_html( sanitize_text_field( $_REQUEST['c4pmessageType'] ) );
 }
 $html .= '
'; $html .= '

' . $message . '

';
diff --git a/custom-404-pro.php b/custom-404-pro.php
index 8365873..f7fa247 100755
--- a/custom-404-pro.php
+++ b/custom-404-pro.php
@@ -4,7 +4,7 @@
 Plugin Name: Custom 404 Pro
 Plugin URI: https://wordpress.org/plugins/custom-404-pro/
 Description: Override the default 404 page with any page or a custom URL from the Admin Panel.
-Version: 3.11.1
+Version: 3.11.2
 Author: Kunal Nagar
 Author URI: https://www.kunalnagar.in
 License: GPL-2.0+
diff --git a/readme.txt b/readme.txt
index f92a237..24d8657 100755
--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@
 Donate link: https://www.paypal.me/kunalnagar88/10
 Tags: wordpress, 404, 404 error page, 404 link, 404 page, broken link, custom 404, custom 404 error, custom 404 error page, custom 404 page, customize 404, customize 404 error page, customize 404 page, error, error page, missing, page, page not found, page not found error
 Requires at least: 3.0.1
 Tested up to: 6.5
-Stable tag: 3.11.1
+Stable tag: 3.11.2
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -55,6 +55,9 @@ Uninstall the plugin from the Plugins page (important!) and reinstall it. Never
 == Changelog ==
+= 3.11.2 =
+* Fix vuln in admin notices
+
 = 3.11.1 =
 * Fix broken Delete logs link
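Review bot: The second added line escapes `$messageType` with `esc_html()`, but that value is presumably spliced into the notice's CSS class attribute in the markup that follows (lost from this rendering), where the matching WordPress escaper is `esc_attr()`; since a notice type can only be one of the few core values, an allow-list is the tighter and context-independent fix, e.g. `$messageType = in_array( $_REQUEST['c4pmessageType'], array( 'success', 'error', 'warning', 'info' ), true ) ? $_REQUEST['c4pmessageType'] : 'info';`. Separately, `$messageType` is assigned only when `c4pmessageType` is present, so a request carrying `c4pmessage` alone reaches the later concatenation with an undefined variable unless it is initialised before line 55; custom_404_pro_notices() begins before this hunk, so that cannot be confirmed here. The added `esc_html()` on `$message` closes the HTML injection, but `c4pmessage` remains arbitrary request-supplied text rendered verbatim as an administrator notice to whoever follows a crafted link, so passing a short message key that is looked up in a fixed table of known strings (or a transient set at redirect time and consumed here) would also remove the remaining content-spoofing risk.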