diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8d4f7445542557438751b0a49d918488acd6dbc..261199984ce01aa168a9b9bfc2826bc8dd71b885 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
+## [1.3.0] - 2023-12-21
+### Added
+- Added WooCommerce sanitization and escaping functions to whitelist in security rules.
+
 ## [1.2.8] - 2023-09-14
 ### Added
 - Whitelisted some of WooCommerce custom capabilities for sniffs.
diff --git a/WPDeskPlugin/ruleset.xml b/WPDeskPlugin/ruleset.xml
index 432da595faedb6b10bf664b1688ee147b171e15f..531308232e0bf9f23cb2d149cde45d9e725c6d02 100644
--- a/WPDeskPlugin/ruleset.xml
+++ b/WPDeskPlugin/ruleset.xml
@@ -77,6 +77,19 @@
 </properties>
 </rule>
+ <!-- Add WooCommerce security functions to whitelist -->
+ <rule ref="WordPress.Security.ValidatedSanitizedInput">
+ <properties>
+ <property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink,wc_sanitize_textarea" />
+ </properties>
+ </rule>
+
+ <rule ref="WordPress.Security.EscapeOutput">
+ <properties>
+ <property name="customEscapingFunctions" type="array" value="wc_help_tip,wc_sanitize_tooltip,wc_selected,wc_kses_notice,wc_esc_json,wc_query_string_form_fields,wc_make_phone_clickable" />
+ </properties>
+ </rule>
+
+ <!-- Template files should have comment with passed variables. -->
 <rule ref="Squiz.Commenting.FileComment">
 <include-pattern>*/templates/*</include-pattern>
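Review bot: The `customEscapingFunctions` list in the second added rule marks output as safe by function name alone, so `WordPress.Security.EscapeOutput` cannot tell which arguments or output context a given call uses, and the finding is suppressed for every plugin that uses this standard. `wc_esc_json` in particular appears to leave quotes unescaped when its second argument is true, which would not be safe inside an HTML attribute, and `wc_sanitize_tooltip` is listed as both a sanitizer and an escaper, so each entry is worth confirming against the WooCommerce source. The existing comment sits only above the first rule; I would give the second rule its own, for example `<!-- Escaping whitelist: verified to escape for HTML output with default arguments only; review calls that pass non-default flags. -->`. Separately, the comma-separated `type="array" value="..."` form is deprecated in newer PHP_CodeSniffer releases in favour of child entries such as `<element value="wc_clean"/>`, which matters if the rest of the ruleset is due to move to that syntax.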