Authenticated(Editor+) Stored Cross-Site Scripting (#96)

* Authenticated(Editor+) Stored Cross-Site Scripting

* Few other small fixes

Author: samiahmedsiddiqui

admin/class-custom-permalinks-post-types-table.php

@@ -239,12 +239,13 @@ protected function column_title( $item ) {
 		}
 
 		$edit_link            = get_edit_post_link( $item['ID'] );
-		$title_with_edit_link = $post_title;
+		$title_with_edit_link = esc_html( $post_title );
 		if ( ! empty( $edit_link ) ) {
 			$title_with_edit_link = sprintf(
-				'<a href="%s" target="_blank" title="' . esc_html__( 'Edit ', 'custom-permalinks' ) . ' ' . $post_title . '">%s</a>',
-				$edit_link,
-				$post_title
+				'<a href="%1s" target="_blank" title="%2s">%3s</a>',
+				esc_url( $edit_link ),
+				esc_attr__( 'Edit', 'custom-permalinks' ) . ' ' . esc_attr( $post_title ),
+				$title_with_edit_link
 			);
 		}
 
@@ -283,10 +284,12 @@ protected function column_type( $item ) {
 	 */
 	protected function column_permalink( $item ) {
 		$page_url = get_permalink( $item['ID'] );
+		$page_url = esc_url( $page_url );
 
 		$permalink = sprintf(
-			'<a href="%s" target="_blank" title="' . esc_html__( 'Visit', 'custom-permalinks' ) . ' ' . $item['post_title'] . '">%s</a>',
+			'<a href="%1s" target="_blank" title="%2s">%3s</a>',
 			$page_url,
+			esc_attr__( 'Visit', 'custom-permalinks' ) . ' ' . esc_attr( $item['post_title'] ),
 			$page_url
 		);
 

admin/class-custom-permalinks-taxonomies-table.php

@@ -235,26 +235,22 @@ protected function column_title( $item ) {
 		$edit_link  = '';
 		$term_title = 'NOT SET';
 
-		if ( isset( $item['ID'] ) && isset( $item['type'] ) ) {
-			$taxonomy_type = 'category';
-			if ( 'tag' === $item['type'] ) {
-				$taxonomy_type = 'post_tag';
-			}
-
-			$edit_link = get_edit_term_link( $item['ID'], $taxonomy_type );
-			$term      = get_term( $item['ID'], $taxonomy_type );
+		if ( isset( $item['ID'] ) ) {
+			$edit_link = get_edit_term_link( $item['ID'] );
+			$term      = get_term( $item['ID'] );
 
-			if ( isset( $term ) && isset( $term->name ) && ! empty( $term->name ) ) {
+			if ( isset( $term, $term->name ) && ! empty( $term->name ) ) {
 				$term_title = $term->name;
 			}
 		}
 
-		$title_with_edit_link = $term_title;
+		$title_with_edit_link = esc_html( $term_title );
 		if ( ! empty( $edit_link ) ) {
 			$title_with_edit_link = sprintf(
-				'<a href="%s" target="_blank" title="' . esc_html__( 'Edit ', 'custom-permalinks' ) . ' ' . $term_title . '">%s</a>',
-				$edit_link,
-				$term_title
+				'<a href="%1s" target="_blank" title="%2s">%3s</a>',
+				esc_url( $edit_link ),
+				esc_attr__( 'Edit', 'custom-permalinks' ) . ' ' . esc_attr( $term_title ),
+				$title_with_edit_link
 			);
 		}
 
@@ -312,6 +308,7 @@ protected function column_permalink( $item ) {
 				}
 			}
 
+			$taxonomy_type = $item['type'];
 			if ( 'tag' === $item['type'] ) {
 				$taxonomy_type = 'post_tag';
 			}
@@ -333,17 +330,18 @@ protected function column_permalink( $item ) {
 			$perm_text = str_replace( $home_url, '', $permalink );
 
 			$term_title = '';
-			if ( isset( $item['ID'] ) && isset( $item['type'] ) ) {
-				$term = get_term( $item['ID'], $item['type'] );
-				if ( isset( $term ) && isset( $term->name ) && ! empty( $term->name ) ) {
+			if ( isset( $item['ID'] ) ) {
+				$term = get_term( $item['ID'] );
+				if ( isset( $term, $term->name ) && ! empty( $term->name ) ) {
 					$term_title = $term->name;
 				}
 			}
 
 			$permalink = sprintf(
-				'<a href="%s" target="_blank" title="' . esc_html__( 'Visit', 'custom-permalinks' ) . ' ' . $term_title . '">%s</a>',
-				$permalink,
-				$perm_text
+				'<a href="%1s" target="_blank" title="%2s">%3s</a>',
+				esc_url( $permalink ),
+				esc_attr__( 'Visit', 'custom-permalinks' ) . ' ' . esc_attr( $term_title ),
+				esc_html( $perm_text )
 			);
 		}