asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sanitize instead of escape inputs

Browse Source
This commit is contained in:
Brian Miyaji
2021-11-06 19:03:26 +09:00
parent 0c9a9dc104
commit f07f42b5c9
2 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
includes/admin/importers/class-sp-importer.php
View File

@@ -231,7 +231,7 @@ if ( class_exists( 'WP_Importer' ) ) {
if ( file_exists( ABSPATH . $_POST['file_url'] ) ) {
$this->file_url = esc_attr( $_POST['file_url'] );
$this->file_url = sanitize_url( $_POST['file_url'] );
} else {