Hi Liz,
Okay, the report says – “The “logo_url” field does not validate <script> tags and does not perform output encoding.”
No problem, we will fix this in the next update by adding esc_url like below:
<input type="text" class="pro_text" id="log-url" name="log-url" placeholder="<?php _e('Logo URL','WEBLIZAR_ACL')?>" size="56" value="<?php echo $logo_url; ?>"/>
Fixed:
<input type="text" class="pro_text" id="log-url" name="log-url" placeholder="<?php _e('Logo URL','WEBLIZAR_ACL')?>" size="56" value="<?php echo esc_url($logo_url); ?>"/>
But the question arises: why would an admin try to hack their own site, because this setting is accessible only to the admin of the site?
Thanks
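The fix described in the post above, extended to the save path, as an added example that is not part of the original post or the plugin's own code: the submitted value is validated before it is stored and escaped again when the field is rendered. It assumes it runs inside WordPress admin; the option name, nonce action and function names are hypothetical.

```php
<?php
// Added example; assumes WordPress is loaded (wp-admin context).
// The option key, nonce action and function names are hypothetical,
// not taken from the plugin.

const ACL_LOGO_OPTION  = 'acl_logo_url';      // hypothetical option key
const ACL_NONCE_ACTION = 'acl_save_settings'; // hypothetical nonce action

// Save path: validate the submitted value before it reaches the database.
function acl_save_logo_url() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Not allowed.', 'WEBLIZAR_ACL' ) );
    }
    // Rejects submissions that do not carry the nonce printed by the form below.
    check_admin_referer( ACL_NONCE_ACTION );

    $raw = isset( $_POST['log-url'] ) ? wp_unslash( $_POST['log-url'] ) : '';

    // esc_url_raw() is the storage variant of esc_url(): it strips characters
    // that are not valid in a URL and returns '' when the scheme is not in
    // the allowlist passed as the second argument.
    $clean = esc_url_raw( trim( $raw ), array( 'http', 'https' ) );

    update_option( ACL_LOGO_OPTION, $clean );
}

// Render path: escape on output as well, whatever is currently stored
// (values saved before the fix are still in the database).
function acl_render_logo_field() {
    $logo_url = get_option( ACL_LOGO_OPTION, '' );
    wp_nonce_field( ACL_NONCE_ACTION );
    ?>
    <input type="text" class="pro_text" id="log-url" name="log-url"
           placeholder="<?php esc_attr_e( 'Logo URL', 'WEBLIZAR_ACL' ); ?>"
           size="56" value="<?php echo esc_url( $logo_url ); ?>"/>
    <?php
}
```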
Thread Starter
Liz
(@member011)
Thank you Sweetie, glad I was able to be in the right place at the right time to notice it for you! And it’s an awesome plugin, really beautiful. You’ve done a brilliant job; I think it’s a very classy plugin. Thanks for the quick response, I was just hoping I could help. 🙂
When you mention “but the question is arising” Why an admin try to hack own site coz this setting access only for admin of site? ….
I don’t know Sweetie, I’ll take your word for it, I have no clue what the code means!
Thanks so much @liz for posting this feedback.
Thread Starter
Liz
(@member011)
Oops!! Forgot to mention one reason I just thought of: it’s just that it shows up in Wordfence results as a vulnerability, and while playing with Google Analytics, where I have just added this site as a property on the console, Google is also showing a vulnerability, so not sure if it may be an issue or not for those who are following up with the Google Search Console list of issues to help improve a site.
I’m looking forward to the next update when you have time 🙂
All the best Liz 🙂