• Resolved mommaroodle

    (@mommaroodle)


    I also noticed that the plugin is not identical to that on GitHub, so it has not yet been updated here.

    On GitHub, in the following file, includes/class-wc-gateway-payfast.php, the output is escaped, yet in the plugin downloaded from the WordPress repo it is not escaped:

    <?php echo wc_help_tip( esc_html__( 'This represents the fee Payfast collects for the transaction.', 'woocommerce-gateway-payfast' ) ); ?>

    Using the unescaped version (__) can be a security risk because it does not ensure that the output is safe for HTML. If the string contains any malicious content, it could lead to XSS vulnerabilities.



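The check a reviewer would want to run over both copies of the plugin is the one the post describes by hand: find PHP output statements that pass a translation string to the page without an escaping wrapper. The scanner below is an added example, not code from the thread, the plugin or WordPress; the PHP it scans is a constructed sample modelled on the line quoted above, and the function and pattern names are the author's own.

```python
"""Flag PHP output statements that emit WordPress translation strings
without an escaping wrapper (esc_html__ / esc_attr__ and friends).

Added example. The PHP source below is constructed for illustration and
is not the plugin's actual source; function names here are hypothetical.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Translation helpers that return the translated string unescaped.
UNESCAPED = ("__", "_x", "_n", "_nx", "_e", "_ex")
# Of those, the ones that echo directly, so they are output even without
# an explicit echo/print on the line.
ECHOING = {"_e", "_ex"}

# A call to an unescaped helper. The negative lookbehind rejects an
# identifier character in front, so the "__(" inside "esc_html__(" does
# not count as an unescaped call.
_UNESCAPED_RE = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(map(re.escape, UNESCAPED)) + r")\s*\("
)
# An output statement: echo, print, or the short echo tag <?=.
_OUTPUT_RE = re.compile(r"(<\?=|\becho\b|\bprint\b)")


@dataclass
class Finding:
    line_no: int
    func: str
    text: str


def find_unescaped_output(php_source: str) -> list[Finding]:
    """Return one Finding per unescaped translation call that reaches output.

    A line is reported when it contains an unescaped helper and either the
    helper echoes by itself (_e, _ex) or the line also has an output
    statement. Assignments such as `$label = __( ... );` are not reported;
    this is a line-level textual scan, not a data-flow analysis.
    """
    findings: list[Finding] = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        has_output = bool(_OUTPUT_RE.search(line))
        for m in _UNESCAPED_RE.finditer(line):
            func = m.group(1)
            if func in ECHOING or has_output:
                findings.append(Finding(line_no, func, line.strip()))
    return findings


# Constructed sample: the escaped and unescaped forms of the quoted line,
# plus a direct _e(), an assignment that is escaped later, and a short tag.
SAMPLE_PHP = """<?php
// Constructed sample, modelled on the pattern discussed in the thread.
echo wc_help_tip( esc_html__( 'This represents the fee Payfast collects for the transaction.', 'woocommerce-gateway-payfast' ) );
echo wc_help_tip( __( 'This represents the fee Payfast collects for the transaction.', 'woocommerce-gateway-payfast' ) );
_e( 'Merchant ID', 'woocommerce-gateway-payfast' );
$label = __( 'Merchant Key', 'woocommerce-gateway-payfast' );
echo esc_html( $label );
?>
<p><?= __( 'Sandbox mode', 'woocommerce-gateway-payfast' ) ?></p>
"""

if __name__ == "__main__":
    for f in find_unescaped_output(SAMPLE_PHP):
        print(f"line {f.line_no}: unescaped {f.func}() reaches output: {f.text}")
```

Run against the sample, it reports lines 4, 5 and 9 and stays quiet on line 3 (esc_html__) and on line 6, where the value is only assigned and is escaped on the next line. Because it is a per-line text match, it will also fire on `echo` or `__(` inside comments and string literals and will miss a value that is stored and echoed later; for a real audit, the WordPress Coding Standards ruleset for PHPCS carries an escape-output sniff that does this properly, and running it over both the GitHub checkout and the downloaded zip shows exactly where the two copies diverge.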
Viewing 1 replies (of 1 total)

The topic ‘Plugin should be identical as that on Github’ is closed to new replies.