From 269e0a4a5e4528a265e31f34ce6cfe1315cb8cc7 Mon Sep 17 00:00:00 2001
From: Barry Kooij <barrykooij@users.noreply.github.com>
Date: Sat, 1 Oct 2022 13:35:49 +0200
Subject: [PATCH] Fixed XSS issue.

props @foobar7
---
 classes/hooks/class-hook-link-related-screen.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/classes/hooks/class-hook-link-related-screen.php b/classes/hooks/class-hook-link-related-screen.php
index 051c58b..a9ee25f 100644
--- a/classes/hooks/class-hook-link-related-screen.php
+++ b/classes/hooks/class-hook-link-related-screen.php
@@ -54,7 +54,7 @@ private function catch_search() {
 			exit;
 		}
 	}
-	
+
 	/**
 	 * Check if the current user is allowed to create related posts
 	 */
@@ -151,7 +151,7 @@ public function content() {
 		}
 
 		// Parent
-		$parent = $_GET['rp4wp_parent'];
+		$parent = absint( $_GET['rp4wp_parent'] );
 
 		// Setup cancel URL
 		$cancel_url = get_admin_url() . "post.php?post={$parent}&action=edit";
@@ -166,7 +166,7 @@ public function content() {
 		<div class="wrap">
 			<h2>
 				<?php _e( 'Posts', 'related-posts-for-wp' ); ?>
-				<a href="<?php echo $cancel_url; ?>" class="add-new-h2"><?php _e( 'Cancel linking', 'related-posts-for-wp' ); ?></a>
+				<a href="<?php echo esc_attr( $cancel_url ); ?>" class="add-new-h2"><?php _e( 'Cancel linking', 'related-posts-for-wp' ); ?></a>
 			</h2>
 
 			<form id="sp-list-table-form" method="post">
@@ -192,4 +192,4 @@ public function content() {
 
 	<?php
 	}
-}
\ No newline at end of file
+}