Changeset 2886 for sites/branches/application-tracking/wordcamp.org

Timestamp:

04/04/2016 06:43:54 PM (10 years ago)

Author:

iandunn

Message:

WordCamp Post Type: Sanitize the body of the application notification email.

This is actually already sanitized before it gets passed in, but doing it again within the function doesn't hurt anything and makes it obvious that the data is safe.

File:

• sites/branches/application-tracking/wordcamp.org/public_html/wp-content/plugins/wcpt/applications/wordcamp.php (modified) (1 diff)

sites/branches/application-tracking/wordcamp.org/public_html/wp-content/plugins/wcpt/applications/wordcamp.php

@@ -211 +211 @@
     $subject = "We've received your WordCamp application";
     $headers = array( 'Reply-To: support@wordcamp.org' );
-    $message = "Thank you for applying to organize WordCamp $wordcamp_name! We'll send you a follow-up e-mail once we've had a chance to review your application.";
+    $message = sprintf(
+        "Thank you for applying to organize WordCamp %s! We'll send you a follow-up e-mail once we've had a chance to review your application.",
+        sanitize_text_field( $wordcamp_name )
+    );
 
     wp_mail( $email_address, $subject, $message, $headers );