
Commit d847010

fix: sanitize attributes to prevent XSS
1 parent c49d906 commit d847010

1 file changed

Lines changed: 7 additions & 7 deletions


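--- a/includes/abstract/feedzy-rss-feeds-admin-abstract.php
+++ b/includes/abstract/feedzy-rss-feeds-admin-abstract.php
@@ -1693,11 +1693,11 @@ private function get_feed_item_filter( $sc, $sizes, $item, $feed_url, $index, $i
 $img_style = '';
 
 if ( isset( $sizes['height'] ) && is_numeric( $sizes['height'] ) ) {
-$img_style .= 'height:' . $sizes['height'] . 'px;';
+$img_style .= 'height:' . esc_attr( $sizes['height'] ) . 'px;';
 }
 
 if ( isset( $sc['aspectRatio'] ) && '1' !== $sc['aspectRatio'] ) {
-$img_style .= 'aspect-ratio:' . $sc['aspectRatio'] . '; object-fit: fill;';
+$img_style .= 'aspect-ratio:' . esc_attr( $sc['aspectRatio'] ) . '; object-fit: fill;';
 }
 
 if (
@@ -1713,10 +1713,10 @@ private function get_feed_item_filter( $sc, $sizes, $item, $feed_url, $index, $i
 )
 )
 ) {
-$img_style .= 'width:' . $sizes['width'] . 'px;';
+$img_style .= 'width:' . esc_attr( $sizes['width'] ) . 'px;';
 }
 
-$content_thumb .= '<img decoding="async" src="' . $thumbnail_to_use . '" title="' . esc_attr( $item->get_title() ) . '" style="' . $img_style . '">';
+$content_thumb .= '<img decoding="async" src="' . esc_url( $thumbnail_to_use ) . '" title="' . esc_attr( $item->get_title() ) . '" style="' . esc_attr( $img_style ) . '">';
 $content_thumb = apply_filters( 'feedzy_thumb_output', $content_thumb, $feed_url, $sizes, $item );
 }
 
@@ -1874,11 +1874,11 @@ private function get_feed_item_filter( $sc, $sizes, $item, $feed_url, $index, $i
 
 $img_style = '';
 if ( isset( $sizes['height'] ) ) {
-$img_style = 'height:' . $sizes['height'] . 'px;';
+$img_style = 'height:' . esc_attr( $sizes['height'] ) . 'px;';
 if ( isset( $sc['aspectRatio'] ) && '1' !== $sc['aspectRatio'] ) {
-$img_style .= 'aspect-ratio:' . $sc['aspectRatio'] . ';';
+$img_style .= 'aspect-ratio:' . esc_attr( $sc['aspectRatio'] ) . ';';
 } elseif ( isset( $sizes['width'] ) ) {
-$img_style .= 'width:' . $sizes['width'] . 'px;';
+$img_style .= 'width:' . esc_attr( $sizes['width'] ) . 'px;';
 }
 }
 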