This is a public repository for the Social Warfare WordPress plugin created primarily for the purpose of publishing and maintaining a public list of bugs, known issues, and feature requests with the community at large.
Implemented stricter attribute sanitization in SWP_Buttons_Panel_Shortcode class to enhance security and mitigate the risk of cross-site scripting (XSS) attacks through shortcode attributes. This update introduces a more rigorous sanitization process for all attributes passed through the shortcode handling mechanism. The sanitize_attributes method now applies basic sanitization using sanitize_text_field, followed by a secondary sanitization step using a regex pattern to remove any remaining special characters that could be used in malicious injections.
Enhanced sanitize_attributes method in SWP_Buttons_Panel_Shortcode class
Added regex pattern to remove special characters from attribute values after initial sanitization
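A two-stage sanitizer of the kind described above, as an added example that is not the plugin's own code. The function name `example_sanitize_attributes`, the allow-list pattern and the sample attributes are assumptions, since the actual regex is not shown here.

```php
<?php
// Added illustration, not the Social Warfare source.
// The function name and the allow-list pattern below are assumptions.

// Outside WordPress, define a rough stand-in so the example runs on its own.
// The real sanitize_text_field() does more (UTF-8 validation, octet stripping).
if ( ! function_exists( 'sanitize_text_field' ) ) {
    function sanitize_text_field( $str ) {
        $str = strip_tags( (string) $str );               // drop HTML tags
        $str = preg_replace( '/[\r\n\t ]+/', ' ', $str ); // collapse whitespace
        return trim( $str );
    }
}

/**
 * Sanitize shortcode attributes in two passes.
 *
 * @param array|string $atts Raw attributes as passed to a shortcode callback.
 * @return array Attributes with cleaned values.
 */
function example_sanitize_attributes( $atts ) {
    $clean = array();
    foreach ( (array) $atts as $key => $value ) {
        if ( ! is_scalar( $value ) ) {
            continue; // nested or object values are not valid attribute values
        }
        // Pass 1: basic sanitization (tags, line breaks, extra whitespace).
        $value = sanitize_text_field( $value );
        // Pass 2: assumed allow-list; everything else is removed, including
        // quotes, angle brackets, '=' and parentheses.
        $value = preg_replace( '/[^A-Za-z0-9 _,.:\/#-]/', '', $value );
        $clean[ $key ] = $value;
    }
    return $clean;
}

// Constructed sample input: one ordinary value, one value that tries to
// close the HTML attribute it will be printed in, and one containing markup.
$atts = array(
    'buttons' => 'facebook,twitter,pinterest',
    'id'      => '42" onfocus="x',
    'url'     => '<b>https://example.com/post/</b>',
);
print_r( example_sanitize_attributes( $atts ) );
```

Because the second pass is an allow-list, values that legitimately need other characters (for example a URL with `?` or `&`) are altered as well, so the pattern has to match what each attribute is expected to hold.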
= 4.4.6.2 (3 Apr 2024) =