Merge pull request #39 from nateinaction/fix/notification-escaping

Notification is escaped but allows anchor tags
wpengine · Apr 20, 2018 · c14deb6 · c14deb6
2 parents 5753f0e + f63e877
commit c14deb6
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 3 deletions.
diff --git a/readme.txt b/readme.txt
@@ -3,7 +3,7 @@ Contributors: wpengine, markkelnar, stevenkword, stephenlin, ryanshoover, taylor
 Tags: wpe, wpengine, geoip, localization, geolocation
 Requires at least: 3.0.1
 Tested up to: 4.9
-Stable tag: 1.2.4
+Stable tag: 1.2.5
 
 License: GPLv2 or later
 License URI: http://www.gnu.org/licenses/gpl-2.0.html
@@ -232,6 +232,9 @@ Please contact the WP Engine [Support Team](https://my.wpengine.com/support).
 
 == Changelog ==
 
+= 1.2.5 =
+- Fix for anchor tag escaping in admin notice
+
 = 1.2.4 =
 - Updating branding to GeoTarget
 - Readme update

diff --git a/wpengine-geoip.php b/wpengine-geoip.php
@@ -1,7 +1,7 @@
 <?php
 /**
  * Plugin Name: WP Engine GeoTarget
- * Version: 1.2.4
+ * Version: 1.2.5
  * Description: Create a personalized user experienced based on location.
  * Author: WP Engine
  * Author URI: http://wpengine.com
@@ -638,7 +638,19 @@ public function action_admin_notices() {
 				?>
 				<div class="notice notice-<?php echo esc_attr( $type ); ?> wpengine-geoip is-dismissible" data-key="<?php echo esc_attr( $key ); ?>">
 					<p>
-						<?php echo esc_html( $notice ); ?>
+						<?php
+							echo wp_kses(
+								$notice,
+								array(
+									'a' => array(
+										'href' => array(),
+									),
+									'span',
+									'strong',
+									'em',
+								)
+							);
+						?>
 					</p>
 				</div>
 				<?php