Merge pull request #36 from getastra/issue-35-Add_data_sanitization/e…

…scaping Removes use of historyvalue hidden field
getastra · Jun 2, 2021 · 2cadc38 · 2cadc38
2 parents 304fdf8 + 70c0f28
commit 2cadc38
Showing 1 changed file with 2 additions and 11 deletions.
diff --git a/wp-hardening.php b/wp-hardening.php
@@ -187,14 +187,6 @@ function custom_notice_bar()
             $homeurl = home_url($_SERVER['REQUEST_URI']);
             $getvalue = strpos($homeurl, 'plugins.php');
 
-            if (isset($_REQUEST['historyvalue']) && $_REQUEST['historyvalue'] != '') {
-                ?>
-                <script type="text/javascript">
-                    localStorage.setItem("wphShowAdminPrompt", '<?php echo $_REQUEST['historyvalue'];?>');
-                </script>
-                <?php
-            }
-
             if ($getvalue === false) {
             } else {
 
@@ -208,9 +200,8 @@ function custom_notice_bar()
                         <?php _e('We have enabled 18 security fixes to protect your site. Please review them here.', 'wp-security-hardening'); ?>
                     </a>
 
-                    <form action="<?php echo $_SERVER['REQUEST_URI']; ?>" method="post">
-                        <input type="hidden" name="historyvalue" value="1">
-                        <input class="button button-primary" type="submit" name="submit" value="Got It."/>
+                    <form>
+                        <input class="button button-primary" onclick="localStorage.setItem('wphShowAdminPrompt', '1')" type="submit" name="submit" value="Got It."/>
                     </form>
 
                 </div>