WebberZone
diff --git a/‎LICENSE.txt‎
100644100755 b/‎LICENSE.txt‎
100644100755
diff --git a/‎includes/frontend/class-breadcrumbs.php‎
Lines changed: 4 additions & 0 deletions b/‎includes/frontend/class-breadcrumbs.php‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎includes/frontend/class-display.php‎
Lines changed: 3 additions & 0 deletions b/‎includes/frontend/class-display.php‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎includes/functions.php‎
Lines changed: 5 additions & 1 deletion b/‎includes/functions.php‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎includes/util/class-helpers.php‎
Lines changed: 28 additions & 0 deletions b/‎includes/util/class-helpers.php‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎includes/widgets/index.php‎
100644100755 b/‎includes/widgets/index.php‎
100644100755
diff --git a/‎index.php‎
100644100755 b/‎index.php‎
100644100755
diff --git a/‎knowledgebase.php‎
100644100755
Lines changed: 1 addition & 1 deletion b/‎knowledgebase.php‎
100644100755
Lines changed: 1 addition & 1 deletion
diff --git a/‎languages/index.php‎
100644100755 b/‎languages/index.php‎
100644100755
diff --git a/‎readme.txt‎
100644100755
Lines changed: 6 additions & 1 deletion b/‎readme.txt‎
100644100755
Lines changed: 6 additions & 1 deletion
@@ -7,6 +7,8 @@
 
 namespace WebberZone\Knowledge_Base\Frontend;
 
+use WebberZone\Knowledge_Base\Util\Helpers;
+
 if ( ! defined( 'WPINC' ) ) {
 	die;
 }
@@ -50,6 +52,7 @@ public static function get_breadcrumb( $args = array() ) {
 
 		// Parse incoming $args into an array and merge it with $defaults.
 		$args = wp_parse_args( $args, $defaults );
+		$args = Helpers::sanitize_args( $args );
 
 		// Convert Unicode sequence if provided.
 		if ( strpos( $args['separator'], '\\' ) === 0 ) {
@@ -139,6 +142,7 @@ private static function get_hierarchical_term_trail( \WP_Term $taxonomy, $args =
 		);
 
 		$args = wp_parse_args( $args, $defaults );
+		$args = Helpers::sanitize_args( $args );
 
 		$output  = '<li class="wzkb_breadcrumb-item" data-separator="' . esc_attr( $args['separator'] ) . '" itemprop="itemListElement" itemscope itemtype="https://schema.org/ListItem">';
 		$output .= '<a href="' . esc_url( get_term_link( $taxonomy ) ) . '" itemprop="item" title="' . esc_attr( $taxonomy->name ) . '">';
 
@@ -8,6 +8,7 @@
 namespace WebberZone\Knowledge_Base\Frontend;
 
 use WebberZone\Knowledge_Base\Util\Cache;
+use WebberZone\Knowledge_Base\Util\Helpers;
 
 if ( ! defined( 'WPINC' ) ) {
 	die;
@@ -64,6 +65,7 @@ public static function get_knowledge_base( $args = array() ) {
 		);
 
 		$args = wp_parse_args( $args, $defaults );
+		$args = Helpers::sanitize_args( $args );
 
 		// Set defaults if variables are empty.
 		$args['limit']   = ( ! empty( absint( $args['limit'] ) ) ) ? absint( $args['limit'] ) : \wzkb_get_option( 'limit' );
@@ -379,6 +381,7 @@ public static function get_categories_list( $term_id, $level = 0, $args = array(
 		);
 
 		$args = wp_parse_args( $args, $defaults );
+		$args = Helpers::sanitize_args( $args );
 
 		// Get Knowledge Base Sections.
 		$sections = get_terms(
 
@@ -7,6 +7,7 @@
 
 use WebberZone\Knowledge_Base\Frontend\Media_Handler;
 use WebberZone\Knowledge_Base\Frontend\Related;
+use WebberZone\Knowledge_Base\Util\Helpers;
 
 // If this file is called directly, abort.
 if ( ! defined( 'WPINC' ) ) {
@@ -102,8 +103,9 @@ function wzkb_get_alert( $args = array(), $content = '' ) {
 
 	// Parse incomming $args into an array and merge it with $defaults.
 	$args = wp_parse_args( $args, $defaults );
+	$args = Helpers::sanitize_args( $args );
 
-	$type = 'wzkb-alert-' . $args['type'];
+	$type = 'wzkb-alert-' . sanitize_html_class( $args['type'] );
 
 	$class = implode( ' ', explode( ',', $args['class'] ) );
 	$class = $type . ' ' . $class;
@@ -161,6 +163,7 @@ function wzkb_get_the_post_thumbnail( $args = array() ) {
 
 	// Parse incomming $args into an array and merge it with $defaults.
 	$args = wp_parse_args( $args, $defaults );
+	$args = Helpers::sanitize_args( $args );
 
 	return Media_Handler::get_the_post_thumbnail( $args );
 }
@@ -180,6 +183,7 @@ function wzkb_related_articles( $args = array() ) {
 	);
 
 	$args = wp_parse_args( $args, $defaults );
+	$args = Helpers::sanitize_args( $args );
 
 	$related = Related::get_related_articles( $args );
 
 
@@ -44,4 +44,32 @@ public static function get_credit_link() {
 
 		return $output;
 	}
+
+	/**
+	 * Sanitize args.
+	 *
+	 * @since 2.3.1
+	 *
+	 * @param array $args Array of arguments.
+	 * @return array Sanitized array of arguments.
+	 */
+	public static function sanitize_args( $args ): array {
+		foreach ( $args as $key => $value ) {
+			if ( is_string( $value ) ) {
+				switch ( $key ) {
+					case 'class':
+					case 'className':
+					case 'extra_class':
+						$classes           = explode( ' ', $value );
+						$sanitized_classes = array_map( 'sanitize_html_class', $classes );
+						$args[ $key ]      = implode( ' ', $sanitized_classes );
+						break;
+					default:
+						$args[ $key ] = wp_kses_post( $value );
+						break;
+				}
+			}
+		}
+		return $args;
+	}
 }
@@ -13,7 +13,7 @@
  * Plugin Name: WebberZone Knowledge Base
  * Plugin URI: https://github.com/WebberZone/knowledgebase
  * Description: Create a multi-product knowledge base on your WordPress site.
- * Version: 2.3.0
+ * Version: 2.3.1-beta1
  * Author: WebberZone
  * Author URI: https://webberzone.com
  * License: GPL-2.0+
 
@@ -3,7 +3,7 @@ Contributors: Ajay, webberzone
 Donate link: https://ajaydsouza.com/donate/
 Tags: knowledge base, knowledgebase, FAQ, frequently asked questions, support, documentation
 Requires at least: 6.3
-Tested up to: 6.7
+Tested up to: 6.8
 Requires PHP: 7.4
 Stable tag: 2.3.0
 License: GPLv2 or later
@@ -118,6 +118,11 @@ Completely rewritten. Several new features and enhancements.
 
 == Changelog ==
 
+= 2.3.1 =
+
+* Bug fixes:
+	* Fixed security issue where arguments passed to the shortcodes were not properly sanitized.
+
 = 2.3.0 =
 
 Release post: [https://webberzone.com/blog/knowledge-base-v2-3-0/](https://webberzone.com/blog/knowledge-base-v2-3-0/)