From 669eedd4639c206ad65cbdd312b1628c412ba090 Mon Sep 17 00:00:00 2001
From: Irshad Ahmad
Date: Mon, 5 Aug 2024 21:04:16 +0530
Subject: [PATCH] Fix login shortcode attributes sanitization (#155)
---
 .changeset/khaki-lies-enjoy.md | 5 +++++
 .../src/shared/partials/login-view.php | 12 ++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)
 create mode 100644 .changeset/khaki-lies-enjoy.md
diff --git a/.changeset/khaki-lies-enjoy.md b/.changeset/khaki-lies-enjoy.md
new file mode 100644
index 00000000..3c191ad4
--- /dev/null
+++ b/.changeset/khaki-lies-enjoy.md
@@ -0,0 +1,5 @@
+---
+"wptelegram-login": patch
+---
+
+Fixed login shortcode attributes sanitization
diff --git a/plugins/wptelegram-login/src/shared/partials/login-view.php b/plugins/wptelegram-login/src/shared/partials/login-view.php
index 1bbf5503..686cf443 100644
--- a/plugins/wptelegram-login/src/shared/partials/login-view.php
+++ b/plugins/wptelegram-login/src/shared/partials/login-view.php
@@ -42,8 +42,16 @@
 $atts .= ' data-error-message="' . $error_message . '" onerror="(function(script){if(script.dataset.errorMessage){var doc=document,div=doc.createElement(\'div\'),span=doc.createElement(\'span\');span.appendChild(doc.createTextNode(script.dataset.errorMessage));div.setAttribute(\'class\', \'error-message\');div.appendChild(span);Object.assign(div.style,{overflow:\'scroll\',border:\'1px solid rgb(221, 221, 221)\',textAlign:\'center\',display:\'inline-block\',padding:\'5px\'});script.parentElement.appendChild(div);}})(this)"';
 }
-// phpcs:ignore WordPress.WP.EnqueuedResources
-$html = '';
+
+$html = sprintf(
+ // phpcs:ignore WordPress.WP.EnqueuedResources
+ '',
+ esc_attr( WPTG_Login()->version() ),
+ esc_attr( $login_options['bot_username'] ),
+ esc_attr( ( $login_options['button_style'] ) ),
+ esc_url( $login_options['callback_url'] ),
+ $atts
+);
 ?>
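Review bot: `$atts` is still the last `sprintf()` argument and goes into the tag unescaped, so the escaping added here covers only the four named options and not whatever was concatenated into `$atts` earlier. The context line at the top of the hunk builds `data-error-message="' . $error_message . '"` with no escaping visible; `$error_message` is assigned outside the hunk, so unless it is already escaped there, that line should read `' data-error-message="' . esc_attr( $error_message ) . '" onerror=…`. Any shortcode-derived values appended to `$atts` above the hunk need the same check at the point they are concatenated, since escaping the finished `$atts` string would break its markup. A short comment above the `$atts` argument, such as `// $atts is pre-built markup; every value in it must be escaped where it is appended.`, would make that contract explicit. Minor style point: the doubled parentheses in `esc_attr( ( $login_options['button_style'] ) )` can be dropped.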