magdev/wc-bootstrap
1
Fork 0
Code Issues Pull Requests Actions Releases 8 Activity

Security audit fixes: fn() whitelist, escaping, and performance (v0.1.4)
All checks were successful
Create Release Package / PHP Lint (push) Successful in 1m41s
Details
Create Release Package / Build Release (push) Successful in 1m47s
Details

Browse Source 
- WooCommerceExtension: ALLOWED_FUNCTIONS whitelist for fn() Twig function
- Notice templates: data attributes use wp_kses_post instead of raw
- Search form: esc_attr on search query value attribute
- Per-request ContextBuilder caching via static variable
- Shared wc_bootstrap_render_in_page_shell() helper (DRY)
- Removed unused WC_BOOTSTRAP_VERSION and WC_BOOTSTRAP_URL constants

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Marco Grätsch
2026-03-01 01:02:43 +01:00
parent e72b4ba3c1
commit 98359d4cfb
9 changed files with 118 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
templates/product-searchform.html.twig
View File

@@ -21,7 +21,7 @@
id="{{ field_id }}"
class="form-control"
placeholder="{{ __('Search products…') }}"
value="{{ get_search_query() }}"
value="{{ get_search_query()|esc_attr }}"
name="s" />
<button type="submit" class="btn btn-outline-primary" aria-label="{{ __('Search') }}">
<i class="bi bi-search" aria-hidden="true"></i>