Escape nonces

joedolson · Jan 6, 2025 · bbffb79 · bbffb79
1 parent a726111
commit bbffb79
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/my-calendar-migrate.php b/src/my-calendar-migrate.php
@@ -73,7 +73,7 @@ function my_calendar_migration() {
 							?>
 						<form method="post" action="<?php echo esc_url( admin_url( 'admin.php?page=my-calendar-migrate' ) ); ?>">
 							<div>
-								<input type="hidden" name="_wpnonce" value="<?php echo wp_create_nonce( 'my-calendar-nonce' ); ?>"/>
+								<input type="hidden" name="_wpnonce" value="<?php echo esc_attr( wp_create_nonce( 'my-calendar-nonce' ) ); ?>"/>
 								<input type="hidden" name="import" value="true" />
 								<input type="hidden" name="source" value="<?php echo $import_source; ?>" />
 								<?php

diff --git a/src/my-calendar-shortcodes.php b/src/my-calendar-shortcodes.php
@@ -485,7 +485,7 @@ function mc_calendar_generator_fields( $post, $callback_args ) {
 	<div id="mc-generator" class="generator">
 		<div class="mc-generator-data">
 			<?php echo wp_kses_post( wpautop( $message ) ); ?>
-			<div><input type="hidden" name="_mc_wpnonce" value="<?php echo wp_create_nonce( 'my-calendar-generator' ); ?>"/></div>
+			<div><input type="hidden" name="_mc_wpnonce" value="<?php echo esc_attr( wp_create_nonce( 'my-calendar-generator' ) ); ?>"/></div>
 			<input type='hidden' name='shortcode' value='<?php echo esc_attr( $type ); ?>'/>
 			<?php
 			// Common Elements to all Shortcodes.