Unplugged-783 | Add sanitization of description and content before bu…

…lk (#59) Add sanitization of description,title and content before bulk
doofinder · May 3, 2023 · b750739 · b750739
1 parent c8ff109
commit b750739
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 7 deletions.
diff --git a/doofinder/doofinder.php b/doofinder/doofinder.php
@@ -3,7 +3,7 @@
  * Plugin Name: Doofinder
  * License: GPLv2 or later
  * License URI: http://www.gnu.org/licenses/gpl-2.0.html
- * Version: 0.5.3
+ * Version: 0.5.4
  * Author: Doofinder
  * Description: Integrate Doofinder Search in your WordPress website.
  *
@@ -30,7 +30,7 @@ class Doofinder_For_WordPress {
 		 *
 		 * @var string
 		 */
-		public static $version = '0.5.3';
+		public static $version = '0.5.4';
 
 		/**
 		 * The only instance of Doofinder_For_WordPress

diff --git a/doofinder/includes/class-post.php b/doofinder/includes/class-post.php
@@ -289,22 +289,22 @@ public function format_for_api() {
 		// All other data will be added if present.
 		$data = array(
 			'id'        => (string) $this->post->ID,
-			'title'     => $this->post->post_title,
+			'title'     => $this->sanitize_html_entities($this->post->post_title),
 			'link'      => get_the_permalink( $this->post ),
 			'post_date' => $this->get_post_date()
 		);
 
 		// Post content.
 		$content = $this->get_content();
 		if ( $content ) {
-			$data['content'] = $content;
+			$data['content'] = $this->sanitize_html_entities($content);
 		}
 
 		// Post description.
 		// Excerpt serves as a description.
 		$description = $this->get_excerpt();
 		if ( $description ) {
-			$data['description'] = $description;
+			$data['description'] = $this->sanitize_html_entities($description);
 		}
 
 		// Post thumbnail.
@@ -340,6 +340,17 @@ public function format_for_api() {
 		return $data;
 	}
 
+	/**
+	 * Replaces the html entity of a text with their corresponding character
+	 *
+	 * @param {string} text
+	 *
+	 * @return string
+	 */
+	private function sanitize_html_entities($text){
+		return html_entity_decode($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
+	}
+
 	/**
 	 * Retrieve categories for the current post in the following format:
 	 * parent category > child category > child of child

diff --git a/doofinder/readme.txt b/doofinder/readme.txt
@@ -1,7 +1,7 @@
 === Doofinder ===
 Contributors: doofinder, chopchoporg
 Tags: search, autocomplete
-Version: 0.5.3
+Version: 0.5.4
 Requires at least: 4.1
 Tested up to: 6.1
 Stable tag: trunk
@@ -114,6 +114,9 @@ Just send your questions to <mailto:[email protected]> and we will try to an
 
 == Changelog ==
 
+= 0.5.4 =
+- Add sanitization of html before index
+
 = 0.5.3 =
 - Remove internal search option
 

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "doofinder-wordpress",
-  "version": "0.5.3",
+  "version": "0.5.4",
   "description": "Integrate Doofinder in your WordPress site with (almost) no effort.",
   "main": "index.js",
   "scripts": {