
Admin: Fix XSS in generated JS
jakubboucek committed Apr 30, 2021
1 parent 9f2d2ae commit 40f0e81
Showing 1 changed file with 21 additions and 25 deletions.
46 changes: 21 additions & 25 deletions src/Admin.php
Expand Up @@ -154,34 +154,30 @@ public function remove_quick_edit( $actions, $post ) {
public function publishing_actions() {
$mg_post_type = 'ssc_group';
global $post;
if ( $post && $post->post_type == $mg_post_type ) {
echo '<style type="text/css">
.misc-pub-section.misc-pub-visibility,
.misc-pub-section.curtime
{
display:none;
}
</style>';
} ?>

$group = new Group();
$groups = $group->get_groups();

$outputGroups = [[ 'text' => __( 'Doesn\'t matter', 'simpleshop-cz' ), 'value' => '' ]];

foreach ( $groups as $value => $text ) {
$outputGroups[] = [ 'text' => $text, 'value' => (string)$value ];
}
?>

<?php if ( $post && $post->post_type === $mg_post_type ) : ?>
<style type="text/css">
.misc-pub-section.misc-pub-visibility,
.misc-pub-section.curtime {
display: none;
}
</style>
<?php endif; ?>

<!-- SSC TinyMCE Shortcode Plugin -->
<script type='text/javascript'>
var sscContentGroups = [];
sscContentGroups.push({
text: '<?= esc_js( __( 'Doesn\'t matter', 'simpleshop-cz' ) )?>',
value: ''
});
<?php
$group = new Group();
$groups = $group->get_groups();
foreach ($groups as $key => $group) { ?>
sscContentGroups.push({
text: '<?= esc_js( $group ) ?>',
value: '<?= esc_js( $key ) ?>'
});
<?php } ?>
var sscContentGroups = <?= wp_json_encode( $outputGroups ) ?>;
</script>

<?php
}
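Review bot: The `wp_json_encode( $outputGroups )` call on the new `var sscContentGroups = …;` line relies on the default JSON flags, which escape `/` (so a literal `</script>` becomes `<\/script>`) but leave `<`, `>`, `&` and quotes intact; since this JSON is emitted directly inside an inline `<script>` block rather than via `wp_localize_script`/`wp_add_inline_script`, the defensive form for that context is `var sscContentGroups = <?= wp_json_encode( $outputGroups, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT ) ?>;`. Replacing the per-field `esc_js()` string building with a single JSON literal is the right direction, because the group texts and keys now arrive in JS as data rather than as source text. Note also that `wp_json_encode()` returns `false` when encoding fails even after its UTF-8 cleanup, which would render as `var sscContentGroups = ;` and break the script; a `?: '[]'` fallback would keep the page's JS valid in that case. `publishing_actions()` has no docblock above its signature (outside the hunk); a one-liner such as `/** Hides the visibility/curtime meta boxes for ssc_group posts and exposes the group list to the TinyMCE shortcode plugin as JSON. */` would help the next reader.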

Expand Down Expand Up @@ -319,7 +315,7 @@ public function enqueue_admin_scripts() {
wp_register_style( 'jquery-ui', 'https://code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css' );
wp_enqueue_style( 'jquery-ui' );

if ( 'profile' === $current_screen->id || 'user-edit' === $current_screen->id) {
if ( 'profile' === $current_screen->id || 'user-edit' === $current_screen->id ) {
wp_enqueue_script( 'jquery-ui-datepicker' );
}
}
