From 4a8168c9606b039312edfcbe1eef7f32b058a8aa Mon Sep 17 00:00:00 2001
From: Mikko Saari
Date: Tue, 19 Oct 2021 05:13:30 +0300
Subject: [PATCH] Security fix: Removes a XSS vulnerability

The User Searches page had a XSS vulnerability.
---
 lib/user-searches.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/user-searches.php b/lib/user-searches.php
index 70b6c8a..45d20e3 100644
--- a/lib/user-searches.php
+++ b/lib/user-searches.php
@@ -336,7 +336,7 @@ function relevanssi_date_queries( string $from, string $to, string $version = 'g
 if ( function_exists( 'relevanssi_insights_link' ) ) {
 $query_link = relevanssi_insights_link( $query );
 } else {
- $query_link = $query->query;
+ $query_link = wp_kses( $query->query, 'strip' );
 }
 if ( 'good' === $version ) {
@@ -347,7 +347,7 @@ function relevanssi_date_queries( string $from, string $to, string $version = 'g
 %d %s ",
- $query_link, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
+ $query_link, // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
 esc_attr( $query_url ),
 intval( $query->cnt ),
 intval( $query->hits ),
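Review bot: The fallback branch sanitises `$query->query` with `wp_kses( ..., 'strip' )`, which removes markup instead of encoding it, so a logged search containing angle brackets is shown altered and quote characters pass through unchanged; where `$query_link` lands in the format string is not visible in this hunk, so whether quotes matter cannot be confirmed from here. Encoding at the point of output is the more conventional fix for plain text and keeps the logged query faithful for the admin: `$query_link = esc_html( $query->query );`. The `phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped` on `$query_link` in the second hunk stays, so the sniff remains silent for the `relevanssi_insights_link()` branch as well, whose escaping is defined outside this diff and should be confirmed. A comment beside the ignore would record that contract, e.g. `// $query_link is pre-escaped: wp_kses() above, or HTML built by relevanssi_insights_link().` The body of relevanssi_date_queries starts and ends outside both hunks.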