michelve / software-license-manager

🔐 WordPress Software License Management. Supports WooCommerce and WP eStore.
https://epikly.com
GNU General Public License v3.0

Would you mind using escape functions. #40

Closed k-kikuchi-waverworks closed 2 years ago

k-kikuchi-waverworks commented 3 years ago

Thank you for providing good support and creating a wonderful plugin.

I found that you don't use escape functions for output strings and URLs.

https://developer.wordpress.org/reference/functions/esc_html__/ (Escape and translation)
https://developer.wordpress.org/reference/functions/esc_html/ (Escape only)
https://developer.wordpress.org/reference/functions/esc_attr__/ (Escape and translation)
https://developer.wordpress.org/reference/functions/esc_attr/ (Escape only)
https://developer.wordpress.org/reference/functions/esc_url/

Example: <?php echo __('Order', 'softwarelicensemanager'); ?> should be <?php echo esc_html__('Order', 'softwarelicensemanager'); ?>

When you have time, it is better to add escaping to improve security.

Kind Regards

KAZUKI
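The request above, extended to the three output contexts the linked functions cover, as an added example that is not part of the original comment or the plugin's code. It assumes the file is loaded inside WordPress so the escaping functions are defined; the function name `slm_example_render_license_row` and the array keys are hypothetical, and the sample input is constructed.

```php
<?php
// Added example: assumes WordPress is loaded, so esc_html__(), esc_html(),
// esc_attr__(), esc_attr() and esc_url() exist.
// The function name and the $license array keys are hypothetical.

/**
 * Render one license row, escaping each value for the context it lands in.
 */
function slm_example_render_license_row( array $license ) {
    // Treat stored or submitted values as untrusted.
    $key   = isset( $license['license_key'] ) ? (string) $license['license_key'] : '';
    $email = isset( $license['email'] ) ? (string) $license['email'] : '';
    $site  = isset( $license['registered_domain'] ) ? (string) $license['registered_domain'] : '';

    $html = '<tr>';

    // Before: echo __( 'Order', 'softwarelicensemanager' ) prints the translation
    // as-is, so markup in a translation file reaches the page.
    // After: translate, then escape for HTML text.
    $html .= '<th>' . esc_html__( 'Order', 'softwarelicensemanager' ) . '</th>';

    // HTML text context: esc_html() encodes <, >, & and quotes.
    $html .= '<td>' . esc_html( $key ) . '</td>';

    // Attribute context: esc_attr() keeps a quote in the value from closing
    // the attribute and starting a new one.
    $html .= '<td><input type="text" readonly'
        . ' title="' . esc_attr__( 'Order', 'softwarelicensemanager' ) . '"'
        . ' value="' . esc_attr( $email ) . '" /></td>';

    // URL context: esc_url() drops URLs whose scheme is not on the allowed
    // list; the visible link text is still escaped as HTML text.
    $html .= '<td><a href="' . esc_url( $site ) . '">' . esc_html( $site ) . '</a></td>';

    return $html . '</tr>';
}

// Constructed sample input: markup in the key, a quote in the e-mail,
// and a URL with a disallowed scheme.
echo slm_example_render_license_row( array(
    'license_key'       => '<b>ABC-123</b>',
    'email'             => 'a@example.com" onfocus="x',
    'registered_domain' => 'javascript:alert(1)',
) );
```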

michelve commented 3 years ago

@k-kikuchi-idea-hack - thx so much for the previous help. I am a bit busy lately with work; if you want to do a pull request I will happily accept the pull. Also sorry for the delay, idk why I am not receiving GitHub notifications lately.