Open IvanRF opened 9 years ago
I'm not an expert on this, but I saw you added esc_attr() on POST and GET. Shouldn't you use that also in /options/index.pnp lines 68-71?
You are right. Any information coming from any source should be escaped, but annotated.
Here are some more possible exploits: /options/panel1-business-logic.php lines 94-98
Also in
Easiest way to find them is to search "$_GET" or "$_POST" in the whole project.
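The project-wide search suggested above can be narrowed to the uses that still need review. The following is an added example, not code from this thread or from the project: a small Python heuristic that reports `$_GET`/`$_POST`/`$_REQUEST` reads not enclosed in an escaping or sanitizing call. The `ESCAPERS` list is an assumption about what counts as handled, and the PHP sample is constructed for illustration.

```python
import re

SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST)\s*\[[^\]]*\]")
# Assumed allow-list: WordPress/PHP functions that escape or sanitize their argument.
ESCAPERS = {"esc_attr", "esc_html", "esc_url", "esc_js", "esc_textarea",
            "sanitize_text_field", "sanitize_key", "absint", "intval",
            "htmlspecialchars"}
# Constructs that only test a value and never emit it.
CHECKS = {"isset", "empty"}

def enclosing_calls(prefix):
    """Names of the calls whose '(' is still open at the end of prefix."""
    stack = []
    for i, ch in enumerate(prefix):
        if ch == "(":
            name = re.search(r"([A-Za-z_]\w*)\s*$", prefix[:i])
            stack.append(name.group(1) if name else "")
        elif ch == ")" and stack:
            stack.pop()
    return stack

def find_unescaped(source):
    """Return (line number, expression) for each superglobal read to review."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in SUPERGLOBAL.finditer(line):
            calls = set(enclosing_calls(line[:m.start()]))
            # Nested wrappers such as esc_attr( wp_unslash( ... ) ) count as handled.
            if not calls & (ESCAPERS | CHECKS):
                findings.append((lineno, m.group(0)))
    return findings

# Constructed sample, not taken from the project's files.
SAMPLE = '''<?php
$tab = isset( $_GET['tab'] ) ? esc_attr( $_GET['tab'] ) : 'general';
echo '<input name="title" value="' . $_POST['title'] . '">';
echo '<input name="color" value="' . esc_attr( wp_unslash( $_POST['color'] ) ) . '">';
$page = $_GET['page'];
'''

if __name__ == "__main__":
    for lineno, expr in find_unescaped(SAMPLE):
        print(f"line {lineno}: {expr} is not wrapped in an escaping call")
```

The check works line by line, so a value assigned on one line and escaped on a later one is still reported and needs a manual look.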