From a028eba8bc5535830256903d7041326338e78a13 Mon Sep 17 00:00:00 2001
From: Bart Jaskulski <bjaskulski@protonmail.com>
Date: Thu, 21 Dec 2023 11:07:38 +0100
Subject: [PATCH] feat: add wc functions whitelist

Signed-off-by: Bart Jaskulski <bjaskulski@protonmail.com>
---
 CHANGELOG.md | 4 ++++
 WPDeskPlugin/ruleset.xml | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f8d4f74..2611999 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## [1.3.0] - 2023-12-21
+### Added
+- Added WooCommerce sanitization and escaping functions to whitelist in security rules.
+
 ## [1.2.8] - 2023-09-14
 ### Added
 - Whitelisted some of WooCommerce custom capabilities for sniffs.
diff --git a/WPDeskPlugin/ruleset.xml b/WPDeskPlugin/ruleset.xml
index 432da59..5313082 100644
--- a/WPDeskPlugin/ruleset.xml
+++ b/WPDeskPlugin/ruleset.xml
@@ -77,6 +77,19 @@
 </properties>
 </rule>
 
+ <!-- Add WooCommerce security functions to whitelist -->
+ <rule ref="WordPress.Security.ValidatedSanitizedInput">
+ <properties>
+ <property name="customSanitizingFunctions" type="array" value="wc_clean,wc_sanitize_tooltip,wc_format_decimal,wc_stock_amount,wc_sanitize_permalink,wc_sanitize_textarea" />
+ </properties>
+ </rule>
+
+ <rule ref="WordPress.Security.EscapeOutput">
+ <properties>
+ <property name="customEscapingFunctions" type="array" value="wc_help_tip,wc_sanitize_tooltip,wc_selected,wc_kses_notice,wc_esc_json,wc_query_string_form_fields,wc_make_phone_clickable" />
+ </properties>
+ </rule>
+
 <!-- Template files should have comment with passed variables. -->
 <rule ref="Squiz.Commenting.FileComment">
 <include-pattern>*/templates/*</include-pattern>
-- 
GitLab
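Review bot: In the ruleset.xml hunk, `wc_sanitize_tooltip` is added to both `customSanitizingFunctions` and `customEscapingFunctions`, so the sniffs will accept a value that is read from a superglobal, passed through that one call and echoed, with no separate `esc_*` call at the output boundary; the added comment does not record why a single call is considered sufficient for both roles. Each whitelisted name silences the sniff for every call site, so the rationale and the WooCommerce version the list was checked against should live next to the rule, e.g. replace the added comment with `<!-- WooCommerce helpers accepted as sanitizing/escaping by WordPress.Security sniffs; a listed function silences the sniff at every call site, so re-check this list against the pinned WooCommerce version (TODO: record it here) before adding to it -->`. Separately, a `<property type="array">` replaces any value set for the same property by an earlier `<rule>` in this file (the lines above the hunk are outside view) or an included standard; if either property is already configured there, `extend="true"` on the `<property>` element, supported by recent PHP_CodeSniffer releases, appends to the existing list instead of discarding it.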