From 60bff9e2be7bb600a10ca597313be36f34f06ab8 Mon Sep 17 00:00:00 2001 From: Nikita Sinelnikov Date: Fri, 3 Jun 2022 12:06:46 +0300 Subject: [PATCH] - fixed XSS issue related to the JS confirmation and links with JS code inside. --- includes/core/um-filters-fields.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/includes/core/um-filters-fields.php b/includes/core/um-filters-fields.php index 47ad3478..3ad00b43 100644 --- a/includes/core/um-filters-fields.php +++ b/includes/core/um-filters-fields.php @@ -430,7 +430,10 @@ function um_profile_field_filter_hook__( $value, $data, $type = '' ) { $onclick_alert = ''; if ( UM()->options()->get( 'allow_url_redirect_confirm' ) && $value !== wp_validate_redirect( $value ) ) { - $onclick_alert = ' onclick="return confirm( \'' . sprintf( __( 'This link leads to a 3rd-party website. Make sure the link is safe and you really want to go to this website: `%s`', 'ultimate-member' ), $value ) . '\' );"'; + $onclick_alert = sprintf( + ' onclick="' . esc_attr( 'return confirm( "%s" );' ) . '"', + esc_js( sprintf( __( 'This link leads to a 3rd-party website. Make sure the link is safe and you really want to go to this website: \'%s\'', 'ultimate-member' ), $value ) ) + ); } $data['url_target'] = ( isset( $data['url_target'] ) ) ? $data['url_target'] : '_blank';