fix: Escape IP address input to prevent XSS vulnerabilities

Daniel Neto · Daniel Neto · commit 31e6888e40be · 2026-03-30T10:57:10.000-03:00
GHSA-jqrj-chh6-8h78
diff --git a/plugin/User_Location/testIP.php b/plugin/User_Location/testIP.php
@@ -31,7 +31,7 @@
             </div>
             <div class="panel-body">
                 <label for="ip"><?php echo __("IP Address"); ?>:</label>
-                <input type="text" name="ip" id="ip" class="form-control" value="<?php echo $ip; ?>">
+                <input type="text" name="ip" id="ip" class="form-control" value="<?php echo htmlspecialchars($ip, ENT_QUOTES, 'UTF-8'); ?>">
                 <?php
                 if (!empty($location)) {
                     echo '<div class="alert alert-success">';
@@ -57,4 +57,4 @@
 </script>
 <?php
 $_page->print();
-?>
+?>
