Bug: `esc_html()` should be `esc_sql()`

wpsharks / comment-mail

A WordPress plugin enabling email subscriptions for comments.

http://comment-mail.com

GNU General Public License v3.0

8 stars 3 forks source link

Bug: `esc_html()` should be `esc_sql()` #268

Closed jaswrks closed 8 years ago

jaswrks commented 8 years ago

@kristineds See this line of code. That should be esc_sql() instead of esc_html(). I suggest a full review of the codebase (i.e., search for esc_html() in that context and see if I duplicated that same bug across multiple class methods at some point. My bad!

Referencing: https://developer.wordpress.org/reference/functions/esc_sql/

raamdev commented 8 years ago

Next Release Changelog:

Bug Fix: Fixed a bug where esc_html() was being used where esc_sql() should've been used. Props @jaswsinc @kristineds. See Issue #268.

raamdev commented 8 years ago

Comment Mail v160618 has been released and includes changes from this GitHub Issue. See the v160618 announcement for further details.

This issue will now be locked to further updates. If you have something to add related to this GitHub Issue, please open a new GitHub Issue and reference this one (#268).