Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security fix: Escape html entities before passing to WP/photoswipe #219

Merged
merged 1 commit into from
Mar 8, 2020
Merged

Security fix: Escape html entities before passing to WP/photoswipe #219

merged 1 commit into from
Mar 8, 2020

Conversation

timbocode
Copy link
Contributor

@timbocode timbocode commented Feb 22, 2020
edited
Loading

Backport of security update to includes/wc-template-functions.php from woocommerce/woocommerce@ffa230d

See also #214

Files changed

includes/wc-template-functions.php

@timbocode timbocode added the Security Security fixes including WC backports label Feb 22, 2020
@timbocode timbocode added this to the 1.0.0-beta1 milestone Feb 22, 2020
@timbocode timbocode requested review from nylen and bahiirwa February 22, 2020 14:13
@codecov-io
Copy link

Codecov Report

Merging #219 into master will decrease coverage by <.01%.
The diff coverage is 0%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master     #219      +/-   ##
============================================
- Coverage     40.82%   40.82%   -0.01%     
  Complexity    13447    13447              
============================================
  Files           367      367              
  Lines         51277    51285       +8     
============================================
  Hits          20936    20936              
- Misses        30341    30349       +8
Impacted Files Coverage Δ Complexity Δ
includes/wc-template-functions.php 7.67% <0%> (-0.06%) 0 <0> (ø)
...shipping/flat-rate/includes/settings-flat-rate.php 97.95% <0%> (-2.05%) 0% <0%> (ø)
includes/class-wc-tax.php 79.67% <0%> (+0.27%) 130% <0%> (ø) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 548ee48...353fc76. Read the comment docs.

@timbocode timbocode modified the milestones: 1.0.0-beta1, 1.0.0-beta2 Feb 23, 2020
@nylen
Copy link
Contributor

nylen commented Feb 23, 2020

@bahiirwa it's a good idea to explain what was tested/reviewed, we shouldn't just check the "approved" box with no context.

See also #214 (comment) - we should probably make sure we agree on the approach we are using to review and approve these changes.

@timbocode timbocode mentioned this pull request Feb 28, 2020
Closed
13 tasks
@timbocode
Copy link
Contributor Author

Testing

  • Manually checked the operation of Photoswipe. All seems to be OK.

@bahiirwa
Copy link
Collaborator

bahiirwa commented Mar 6, 2020

Testing

* Manually checked the operation of Photoswipe. All seems to be OK.

Same checks done. Manual testing as ordinary user.

nylen
nylen approved these changes Mar 6, 2020
View reviewed changes
Copy link
Contributor

@nylen nylen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I compared the changes here against woocommerce/woocommerce@ffa230d. This looks good 👍

@nylen
Copy link
Contributor

nylen commented Mar 7, 2020

This PR also effectively includes woocommerce/woocommerce@9eb31f5 and whatever later commit reformatted this code. I think this is ok, just noting for tracking purposes (#226).

@timbocode timbocode merged commit eb54992 into ClassicPress:master Mar 8, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bahiirwa bahiirwa bahiirwa approved these changes

@nylen nylen nylen approved these changes

Assignees
No one assigned
Labels
Security Security fixes including WC backports
Projects
None yet
Milestone
1.0.0-beta1
Development

Successfully merging this pull request may close these issues.
4 participants
@timbocode @codecov-io @nylen @bahiirwa