fixed missing sanitization

Author: iamsayan

docs/readme.txt

@@ -4,8 +4,8 @@ Author URI: https://instawp.com/?utm_source=sl_plugin_author
 Plugin URI: http://wordpress.org/plugins/string-locator/
 Tags: text, search, find, syntax, highlight
 Requires at least: 4.9
-Tested up to: 6.5
-Stable tag: 2.6.5
+Tested up to: 6.6
+Stable tag: 2.6.6
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
 
@@ -46,6 +46,10 @@ When writing your search string, make sure to wrap your search in forward slashe
 
 == Changelog ==
 
+= 2.6.6 (2024-08-14) =
+* Fixed missing URL input sanitization.
+* Verified compatibility with WordPress 6.6
+
 = 2.6.5 (2024-03-12) =
 * Verified compatibility with WordPress 6.5
 

includes/Extension/SQL/views/editor/sql.php

@@ -35,11 +35,11 @@
 
 $format = 'string';
 
-if ( is_serialized( $row->{ $_GET['sql-column'] }, true ) ) {
+if ( is_serialized( $row->{ esc_html( $_GET['sql-column'] ) }, true ) ) {
 	$format = 'serialized';
 }
 
-$editor_content = $row->{ $_GET['sql-column'] };
+$editor_content = $row->{ esc_html( $_GET['sql-column'] ) };
 ?>
 <form id="string-locator-edit-form" class="string-locator-editor-wrapper">
 	<?php wp_nonce_field( 'wp_rest' ); ?>

string-locator.php

@@ -3,7 +3,7 @@
  * Plugin Name: String Locator
  * Plugin URI: https://wordpress.org/plugins/string-locator/
  * Description: Scan through theme and plugin files looking for text strings
- * Version: 2.6.5
+ * Version: 2.6.6
  * Author: InstaWP
  * Author URI: https://instawp.com/
  * Text Domain: string-locator