release: fixes

- Enhanced security
- Fixed extra column issue with a simple editor

Author: vytisbulkevicius

.github/workflows/test-e2e.yml

@@ -14,7 +14,7 @@ jobs:
       DOCKER_FILE: docker-compose.ci.yml
     strategy:
       fail-fast: false
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-node@v2

.github/workflows/test-php.yml

@@ -36,7 +36,7 @@ jobs:
 
   phpunit:
     name: PHPUnit
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     services:
       mysql:
         image: mysql:5.7

classes/Visualizer/Source.php

@@ -429,7 +429,7 @@ private function _fetchSeriesFromEditableTable() {
 			foreach ( $headers as $header ) {
 				if ( ! empty( $types[ $header ] ) ) {
 					$this->_series[] = array(
-						'label' => $header,
+						'label' => esc_html( wp_strip_all_tags( $header ) ),
 						'type'  => $types[ $header ],
 					);
 				}

classes/Visualizer/Source/Csv.php

@@ -97,7 +97,7 @@ private function _fetchSeries( &$handle ) {
 			$labels[ $i ] = $this->toUTF8( $labels[ $i ] );
 
 			$this->_series[] = array(
-				'label' => $labels[ $i ],
+				'label' => esc_html( wp_strip_all_tags( $labels[ $i ] ) ),
 				'type'  => isset( $types[ $i ] ) ? $types[ $i ] : $default_type,
 			);
 		}

composer.lock

@@ -90,6 +90,7 @@
             $( '#canvas' ).css("z-index", "-100").hide();
         }else{
             $('#canvas').lock();
+            jQuery('.dataTables_scrollBody .sorting_disabled input').attr('disabled', true);
             $('#table-editor-form').submit();
 
             // showing the chart