
Commit 6cdc4df

committed
Fix escaping in settings forms - use wp_kses_post() for option labels
1 parent 27356d5 commit 6cdc4df

1 file changed

Lines changed: 4 additions & 4 deletions


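--- a/includes/admin/settings/class-settings-form.php
+++ b/includes/admin/settings/class-settings-form.php
@@ -392,7 +392,7 @@ public function callback_multicheck( $args ) {
 $html .= sprintf(
 '<label for="%1$s">%2$s</label> <br />',
 $option_id,
-$option
+wp_kses_post( $option )
 );
 }
 }
@@ -432,7 +432,7 @@ public function callback_radio( $args ) {
 $html .= sprintf(
 '<label for="%1$s">%2$s</label> <br />',
 $option_id,
-esc_html( $option )
+wp_kses_post( $option )
 );
 }
 
@@ -472,7 +472,7 @@ public function callback_radiodesc( $args ) {
 $html .= sprintf(
 '<label for="%1$s">%2$s: <em>%3$s</em></label>',
 $option_id,
-$option['name'],
+wp_kses_post( $option['name'] ),
 wp_kses_post( $option['description'] )
 );
 
@@ -524,7 +524,7 @@ public function callback_thumbsizes( $args ) {
 $html .= sprintf(
 '<label for="%1$s">%2$s (%3$sx%4$s%5$s)</label> <br />',
 $option_id,
-$name,
+wp_kses_post( $name ),
 (int) $option['width'],
 (int) $option['height'],
 (bool) $option['crop'] ? ' cropped' : ''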
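Review bot: In callback_radio the label argument goes from `esc_html( $option )` to `wp_kses_post( $option )`, which loosens the output escaping rather than tightening it: the label may now carry any markup allowed in post content, rendered inside the `<label>` element. The hunks do not show where the option labels come from, so if they are plain text, keeping `esc_html( $option )` there (and using it in callback_multicheck, callback_radiodesc and callback_thumbsizes as well) is the stricter choice; if inline markup is intended, a short comment saying so and a narrow `wp_kses()` allowlist would bound it. Separately, `$option_id` is written into `for="%1$s"` in all four hunks and its assignment lies outside them; unless it is already escaped there, pass `esc_attr( $option_id )`. All four callbacks begin and end outside the visible hunks.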
