Antoine/homegrade_theme_production
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIX sanitizing titles and anchors in chapter index for improved security. using stirp tags instead of esc_html
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Antoine M 2025-05-14 15:32:46 +02:00
parent 349d20686f
commit ded284d708
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
includes/utilities.php
View File

@ -196,8 +196,8 @@ function build_page_chapter_index($blocks)
if ($block['blockName'] == 'homegrade-content-blocks/content-heading' && isset($block['attrs']['title']) && isset($block['attrs']['headingLevel']) && $block['attrs']['headingLevel'] == "h2") { if ($block['blockName'] == 'homegrade-content-blocks/content-heading' && isset($block['attrs']['title']) && isset($block['attrs']['headingLevel']) && $block['attrs']['headingLevel'] == "h2") {
array_push($chapterBlockIndex, [ array_push($chapterBlockIndex, [
'block-type' => $block['blockName'], 'block-type' => $block['blockName'],
'anchor' => "#" . esc_html($block['attrs']['idName']), 'anchor' => "#" . strip_tags($block['attrs']['idName']),
'title' => esc_html($block['attrs']['title']), 'title' => strip_tags($block['attrs']['title']),
]); ]);
} }
if ($block['blockName'] == 'homegrade-content-blocks/chapitrage-thematique') { if ($block['blockName'] == 'homegrade-content-blocks/chapitrage-thematique') {
@ -255,7 +255,7 @@ function build_page_chapter_index($blocks)
array_push($chapterBlockIndex, [ array_push($chapterBlockIndex, [
'block-type' => $block['blockName'], 'block-type' => $block['blockName'],
'anchor' => "#partenaires-autres-services", 'anchor' => "#partenaires-autres-services",
'title' => __("Partenaires & autres services", "homegrade-blocks__texte-fonctionnel"), 'title' => __("Partenaires & autres services", "homegrade-blocks__texte-fonctionnel"),
]); ]);
} }
if ($block['blockName'] == 'homegrade-content-blocks/plus-loin') { if ($block['blockName'] == 'homegrade-content-blocks/plus-loin') {