Potential XSS in shortcode extension.

Signed-off-by: Kev Provance <[email protected]>

Author: kprovance

redux-core/inc/extensions/shortcodes/class-redux-shortcodes.php

@@ -97,6 +97,9 @@ public function blog_info( $atts = array(), ?string $content = null ) {
 				$atts = array();
 			}
 
+			$content = sanitize_text_field( $content );
+			$atts    = array_map( 'sanitize_text_field', wp_unslash( $atts ) );
+
 			if ( ! empty( $content ) && ! isset( $atts['data'] ) ) {
 				$atts['data'] = $content;
 			}
@@ -151,6 +154,9 @@ public function theme_info( array $atts = array(), ?string $content = null ) {
 				$atts = array();
 			}
 
+			$content = sanitize_text_field( $content );
+			$atts    = array_map( 'sanitize_text_field', wp_unslash( $atts ) );
+
 			if ( ! empty( $content ) && ! isset( $atts['data'] ) ) {
 				$atts['data'] = $content;
 			}
@@ -207,6 +213,9 @@ public function date( $atts = array(), ?string $content = null ) {
 				$atts = array();
 			}
 
+			$content = sanitize_text_field( $content );
+			$atts    = array_map( 'sanitize_text_field', wp_unslash( $atts ) );
+
 			if ( ! empty( $content ) && ! isset( $atts['data'] ) ) {
 				$atts['data'] = $content;
 			}