• Resolved Andy McCoy

    (@andymax)


    Hi,

    The value in this input-box is not escaped:

    <input type="hidden" class="current_product_name" value="">

    Great plugin!

    Best/
    Andy

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi Andy,

    Can you please help me by pointing out the exact issue that you are facing here? Rest assured, we will address it quickly.

    Thanks,

    Team Dualcube

    Thread Starter Andy McCoy

    (@andymax)

    Hi,

    It’s HTML encoding of the product title that is missing. If the product title contains double quotes, it will give really strange results.

    I found it here:

    ..\classes\class-woo-product-stock-alert-frontend.php:

    Line 147: <input type="hidden" class="current_product_name" value="'.$product->post->post_title.'" />

    Line 155: <input type="hidden" class="current_product_name" value="'.$product->post->post_title.'" />

    It should probably be something like this to solve the problem:

    Line 147: <input type="hidden" class="current_product_name" value="'.htmlentities($product->post->post_title).'" />

    Line 155: <input type="hidden" class="current_product_name" value="'.htmlentities($product->post->post_title).'" />

    Best/
    Andy

    • This reply was modified 7 years, 4 months ago by Andy McCoy.
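The behaviour reported above, as an added example that is not the plugin's code: it renders the same hidden input with and without attribute escaping and shows what a parser reads back as the `value`. The function names and product titles are constructed for illustration; `esc_attr()` is mentioned as the WordPress helper for this context.

```php
<?php
// Added example, not taken from the plugin. Titles below are constructed.

/** The reported pattern: the title is concatenated into value="..." as-is. */
function render_unescaped(string $title): string {
    return '<input type="hidden" class="current_product_name" value="' . $title . '" />';
}

/**
 * Attribute-safe rendering. ENT_QUOTES encodes both " and ', so the result is
 * safe for either quote style. Note: htmlentities()/htmlspecialchars() called
 * without flags only started encoding single quotes in PHP 8.1.
 * Inside WordPress, esc_attr($title) is the helper meant for this context.
 */
function render_escaped(string $title): string {
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" class="current_product_name" value="' . $safe . '" />';
}

/**
 * Read the value attribute the way an HTML parser does for a double-quoted
 * attribute: everything up to the next ", then decode character references.
 */
function parsed_value(string $html): ?string {
    if (!preg_match('/\bvalue="([^"]*)"/', $html, $m)) {
        return null;
    }
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample titles: two contain double quotes, one is plain.
$titles = ['24" Monitor stand', 'Table 30"x30" (oak)', 'Plain title'];

foreach ($titles as $title) {
    $raw  = parsed_value(render_unescaped($title));
    $safe = parsed_value(render_escaped($title));
    printf(
        "title:     %s\nunescaped: %s  [%s]\nescaped:   %s  [%s]\n\n",
        $title,
        var_export($raw, true),
        $raw === $title ? 'intact' : 'TRUNCATED',
        var_export($safe, true),
        $safe === $title ? 'intact' : 'TRUNCATED'
    );
}
```

With the unescaped form, a title such as `24" Monitor stand` is read back as `24`, and the remainder of the title is parsed as extra attributes on the element.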

    Hi Andy,

    That was really helpful and we will keep these small points in mind while moving ahead for the next update.

    Once again, thanks a lot for your valuable input.

    Regards,
    Team Dualcube

  • The topic ‘Value not escaped’ is closed to new replies.