Escape input values when importing

2015-10-05 12:26:31 +11:00
parent 46426eea17
commit 0b8edb70a3
1 changed files with 1 additions and 1 deletions
--- a/includes/admin/importers/class-sp-importer.php
+++ b/includes/admin/importers/class-sp-importer.php
@@ -152,7 +152,7 @@ if ( class_exists( 'WP_Importer' ) ) {
 									<tr>
 										<?php $index = 0; foreach ( $this->columns as $key => $label ): $value = sp_array_value( $row, $index ); ?>
 											<td>
-												<input type="text" class="widefat" value="<?php echo $value; ?>" name="sp_import[]">
+												<input type="text" class="widefat" value="<?php echo esc_attr( $value ); ?>" name="sp_import[]">
 											</td>
 										<?php $index ++; endforeach; ?>
 										<td class="sp-actions-column">