From 30ad20decef8eb6c6840c17e25d0cfcfae57818b Mon Sep 17 00:00:00 2001
From: Daniel Weipert
Date: Wed, 28 Oct 2020 19:48:12 +0100
Subject: Sanitizes metabox editor content
---
 src/MetaBox.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/MetaBox.php b/src/MetaBox.php
index d11336f..c2386ee 100644
--- a/src/MetaBox.php
+++ b/src/MetaBox.php
@@ -47,7 +47,9 @@ class MetaBox
 return;
 }
- file_put_contents(TimberEditor::getTemplateFilePath($postId), $_POST['timber-editor_content']);
+ $content = wp_kses($_POST['timber-editor_content'], wp_kses_allowed_html('post'));
+
+ file_put_contents(TimberEditor::getTemplateFilePath($postId), $content);
 if (empty($_POST['timber-editor_content'])) {
 wp_delete_file(TimberEditor::getTemplateFilePath($postId));
 }
--
cgit v1.2.3
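Review bot: The deletion check still tests the raw `$_POST['timber-editor_content']` while the file is now written from the sanitized `$content`, so input that wp_kses strips to nothing (e.g. only a `<script>` block) leaves a zero-byte template on disk instead of removing it; the condition should be `if ($content === '') {` and, to avoid the pointless write-then-delete and the undefined-index notice when the key is absent, the sanitization line should read `$content = wp_kses((string) ($_POST['timber-editor_content'] ?? ''), wp_kses_allowed_html('post'));` with the empty check moved before `file_put_contents`. Note that wp_kses is an HTML-tag allowlist: if this file is later loaded as a Twig template (the `getTemplateFilePath` name suggests so, but that is not visible here), template syntax such as `{{ }}` and `{% %}` passes through untouched, so this change does not constrain what the template can execute and the capability/nonce check presumably done before the early `return;` remains the real control — worth confirming it exists. The return value of `file_put_contents` is also unchecked, so a failed write is silent. The enclosing method starts before the hunk.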