
Commit 6f0fecd

release: fixes
- Enhanced security - Updated dependencies
2 parents 1426679 + 9ae5f1c commit 6f0fecd

2 files changed

Lines changed: 11 additions & 10 deletions


composer.lock

Lines changed: 8 additions & 8 deletions

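--- a/inc/manager.php
+++ b/inc/manager.php
@@ -453,10 +453,11 @@ public function replace_content( $html, $partial = false ) {
 if ( ! $this->page_profiler->exists_all( $profile_id ) ) {
 $missing = $this->page_profiler->missing_devices( $profile_id );
 $time = time();
-$hmac = wp_hash( $profile_id . $time . $this->get_current_url(), 'nonce' );
+$url = esc_url( esc_js( $this->get_current_url() ) );
+$hmac = wp_hash( $profile_id . $time . $url, 'nonce' );
 $js_optimizer = str_replace(
 [ Profile::PLACEHOLDER, Profile::PLACEHOLDER_MISSING, Profile::PLACEHOLDER_TIME, Profile::PLACEHOLDER_HMAC, Profile::PLACEHOLDER_URL ],
-[ $profile_id, implode( ',', $missing ), strval( $time ), $hmac, $this->get_current_url() ],
+[ $profile_id, implode( ',', $missing ), strval( $time ), $hmac, $url ],
 $js_optimizer
 );
 $html = str_replace( Optml_Admin::get_optimizer_script( true ), $js_optimizer, $html );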
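Review bot: The escaping order on the new `$url` line does not match the output context: `esc_js()` runs first and `esc_url()` last, so the final transform is an HTML-display escaper, while the value is substituted into `$js_optimizer`, which appears to be a script. `esc_url()` entity-encodes `&` for HTML output, which a script block does not decode, so URLs with query strings would reach the client, and the HMAC input, in altered form. I would validate with `$url = esc_url_raw( $this->get_current_url() );` and do the JavaScript encoding where the placeholder is emitted, for example `wp_json_encode( $url )` if the template can take a whole string literal; the template is not shown here, so that needs checking. Because the HMAC is now computed over the escaped string, the verifying side (not visible in this commit) must hash exactly the bytes the client sends back. replace_content() begins and continues outside this hunk.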
