diff --git a/wp-content/plugins/smtp-mailer/main.php b/wp-content/plugins/smtp-mailer/main.php
index f79d9838..846157d9 100644
--- a/wp-content/plugins/smtp-mailer/main.php
+++ b/wp-content/plugins/smtp-mailer/main.php
@@ -1,7 +1,7 @@
__('Server Info', 'smtp-mailer'),
);
$url = "https://wphowto.net/smtp-mailer-plugin-for-wordpress-1482";
- $link_text = sprintf(wp_kses(__('Please visit the SMTP Mailer documentation page for usage instructions.', 'smtp-mailer'), array('a' => array('href' => array(), 'target' => array()))), esc_url($url));
+ $link_text = sprintf(__('Please visit the SMTP Mailer documentation page for usage instructions.', 'smtp-mailer'), esc_url($url));
+ $allowed_html_tags = array(
+ 'a' => array(
+ 'href' => array(),
+ 'target' => array()
+ )
+ );
echo '
SMTP Mailer v' . SMTP_MAILER_VERSION . '
';
- echo '
'.$link_text.'
';
+ echo '
'.wp_kses($link_text, $allowed_html_tags).'
';
+ $current = '';
+ $action = '';
if (isset($_GET['page'])) {
- $current = $_GET['page'];
+ $current = sanitize_text_field($_GET['page']);
if (isset($_GET['action'])) {
- $current .= "&action=" . $_GET['action'];
+ $action = sanitize_text_field($_GET['action']);
+ $current .= "&action=" . $action;
}
}
$content = '';
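Review bot: `$allowed_html_tags` is defined here for the documentation link and then reassigned later in the same method with a different allowlist (`a` plus `h2`), so a reader of either `wp_kses()` call has to check which assignment is live at that point. Giving the two lists distinct names, e.g. `$link_allowed_tags = array('a' => array('href' => array(), 'target' => array()));` here and a separate name for the tab-markup list, removes the shadowing and documents what each allowlist is for. The new ordering of `sprintf()` before `wp_kses()` is the right one, since the inserted `esc_url($url)` is now filtered together with the translated markup. Note that `$action` is only populated inside the `isset($_GET['page'])` branch, so an `action` parameter without `page` is silently ignored by the dispatch that follows; this appears intentional but is worth a one-line comment. The enclosing method begins before this hunk.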
@@ -100,17 +109,33 @@ class SMTP_MAILER {
$content .= '
' . $tabname . '';
}
$content .= '';
- echo $content;
-
- if(isset($_GET['action']) && $_GET['action'] == 'test-email'){
- $this->test_email_settings();
+ $allowed_html_tags = array(
+ 'a' => array(
+ 'href' => array(),
+ 'class' => array()
+ ),
+ 'h2' => array(
+ 'href' => array(),
+ 'class' => array()
+ )
+ );
+ echo wp_kses($content, $allowed_html_tags);
+ if(!empty($action))
+ {
+ switch($action)
+ {
+ case 'test-email':
+ $this->test_email_settings();
+ break;
+ case 'server-info':
+ $this->server_info_settings();
+ break;
+ }
}
- else if(isset($_GET['action']) && $_GET['action'] == 'server-info'){
- $this->server_info_settings();
- }
- else{
+ else
+ {
$this->general_settings();
- }
+ }
echo '
';
}
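Review bot: The `switch($action)` has no `default` case, so a request with a non-empty but unrecognised `action` now renders no settings panel at all, whereas the removed `else` branch used to fall back to `$this->general_settings()` for any unknown value. Add `default: $this->general_settings(); break;` inside the switch so the previous behaviour is preserved for unexpected values. Separately, the `'h2' => array('href' => array(), 'class' => array())` entry allows an `href` attribute on `h2`, which is not meaningful HTML; dropping `href` there keeps the allowlist minimal.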
@@ -122,7 +147,7 @@ class SMTP_MAILER {
}
$to = '';
if(isset($_POST['smtp_mailer_to_email']) && !empty($_POST['smtp_mailer_to_email'])){
- $to = sanitize_text_field($_POST['smtp_mailer_to_email']);
+ $to = sanitize_email($_POST['smtp_mailer_to_email']);
}
$subject = '';
if(isset($_POST['smtp_mailer_email_subject']) && !empty($_POST['smtp_mailer_email_subject'])){
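Review bot: `sanitize_email()` returns an empty string when the submitted value is not a valid address, so an invalid recipient leaves `$to = ''` and the `wp_mail($to, $subject, $message)` call visible in the following hunk is still reached with no recipient. Guard the send with `if (!is_email($to)) { return; }` (or report the error to the user) before calling `wp_mail()`. Switching from `sanitize_text_field()` to `sanitize_email()` is itself the right change for this field. The enclosing function starts before this hunk.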
@@ -135,7 +160,7 @@ class SMTP_MAILER {
wp_mail($to, $subject, $message);
}
?>
-