  • #1067477

    Hi,

    I need to get in touch as soon as possible about a confirmed security issue in avia_wpml_language_switch as part of the Enfold theme.
    I understand this is included in this theme and it is currently in use on our site. I would rather not mention the details publicly; is there an address I can e-mail this problem to?
    As I understand it, the problem is not present when using WPML without Enfold, but I’m not sure about this. I would like to discuss this with you directly.

    Regards

    #1067479

    Additional information: this problem is present in at least 4.4.1 through 4.5.4

    #1067488
    This reply has been marked as private.
    #1068347

    It is really important that we do get a response to this problem. Please contact us as soon as possible.

    #1068620

    Hi,

    We have forwarded the issue to our developers for review.

    Best regards,
    Basilis

    #1068877

    Hi,

    Thanks for reporting this.

    Please update lines 278 and 279:

    
    $output .= "<li class='language_" . $lang['language_code'] . " $currentlang'><a href='" . esc_url( $lang['url'] ) . "'>";
    $output .= "	<span class='language_flag'><img title='" . $lang['native_name'] . "' src='". esc_url( $lang['country_flag_url'] ) . "' alt='" . $lang['native_name'] . "' /></span>";
    

    I added a pull request to our dev repo for the next update.

    Best regards,
    Günter

    #1068889

    Thanks for your response. I haven’t tested it yet but that fix does seem correct.

    I am worried about the state of the code in the rest of that file. Is a security review something that is on your agenda?

    #1069493

    I am just responding to this topic because I created a personal account, rather than use an account I share with somebody else; I am the original starter of this topic.

    #1069523

    Hey!

    I checked this file and fixed some more. Here is the updated file (Enfold 4.5.4):

    https://github.com/KriesiMedia/enfold-library/blob/master/temp_fixes/Enfold_4_5_4/WPML%20escape%20urls/config.php

    I added a pull request to our dev repo.

    Cheers!
    Günter
