Fixed XSS issue.

props @foobar7
barrykooij · Oct 1, 2022 · 269e0a4 · 269e0a4
1 parent a6fb4dc
commit 269e0a4
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/classes/hooks/class-hook-link-related-screen.php b/classes/hooks/class-hook-link-related-screen.php
@@ -54,7 +54,7 @@ private function catch_search() {
 			exit;
 		}
 	}
-	
+
 	/**
 	 * Check if the current user is allowed to create related posts
 	 */
@@ -151,7 +151,7 @@ public function content() {
 		}
 
 		// Parent
-		$parent = $_GET['rp4wp_parent'];
+		$parent = absint( $_GET['rp4wp_parent'] );
 
 		// Setup cancel URL
 		$cancel_url = get_admin_url() . "post.php?post={$parent}&action=edit";
@@ -166,7 +166,7 @@ public function content() {
 		<div class="wrap">
 			<h2>
 				<?php _e( 'Posts', 'related-posts-for-wp' ); ?>
-				<a href="<?php echo $cancel_url; ?>" class="add-new-h2"><?php _e( 'Cancel linking', 'related-posts-for-wp' ); ?></a>
+				<a href="<?php echo esc_attr( $cancel_url ); ?>" class="add-new-h2"><?php _e( 'Cancel linking', 'related-posts-for-wp' ); ?></a>
 			</h2>
 
 			<form id="sp-list-table-form" method="post">
@@ -192,4 +192,4 @@ public function content() {
 
 	<?php
 	}
-}
+}