Sanitizes metabox editor content

author: Daniel Weipert <code@drogueronin.de> 2020-10-28 19:48:12 +0100
committer: Daniel Weipert <code@drogueronin.de> 2020-10-28 19:48:12 +0100
commit: 30ad20decef8eb6c6840c17e25d0cfcfae57818b (patch)
tree: 6ee90605a069a59e9e3fccad7d5af4086ebb1c2a /src
parent: adf1a7cfe3115d32b92195e75934718fd5685af0 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/MetaBox.php b/src/MetaBox.php
index d11336f..c2386ee 100644
--- a/src/MetaBox.php
+++ b/src/MetaBox.php
@@ -47,7 +47,9 @@ class MetaBox
             return;
         }
 
-        file_put_contents(TimberEditor::getTemplateFilePath($postId), $_POST['timber-editor_content']);
+        $content = wp_kses($_POST['timber-editor_content'], wp_kses_allowed_html('post'));
+
+        file_put_contents(TimberEditor::getTemplateFilePath($postId), $content);
         if (empty($_POST['timber-editor_content'])) {
             wp_delete_file(TimberEditor::getTemplateFilePath($postId));
         }
author	Daniel Weipert <code@drogueronin.de>	2020-10-28 19:48:12 +0100
committer	Daniel Weipert <code@drogueronin.de>	2020-10-28 19:48:12 +0100
commit	30ad20decef8eb6c6840c17e25d0cfcfae57818b (patch)
tree	6ee90605a069a59e9e3fccad7d5af4086ebb1c2a /src
parent	adf1a7cfe3115d32b92195e75934718fd5685af0 (diff)