From 6049aad6aaa5fec031c406fb5fd7c66dbc5d2d27 Mon Sep 17 00:00:00 2001
From: Baptiste Arnaud
Date: Thu, 11 Jul 2024 12:16:11 +0200
Subject: [PATCH] :bug: (wp) Fix XSS vuln shortcode attributes

Closes #1632
---
 packages/embeds/wordpress/package.json | 6 +++---
 packages/embeds/wordpress/trunk/README.txt | 7 +++++--
 .../trunk/public/class-typebot-public.php | 16 +++++++++++-----
 packages/embeds/wordpress/trunk/typebot.php | 4 ++--
 4 files changed, 21 insertions(+), 12 deletions(-)

diff --git a/packages/embeds/wordpress/package.json b/packages/embeds/wordpress/package.json
index b6affd374..5b8066f4f 100644
--- a/packages/embeds/wordpress/package.json
+++ b/packages/embeds/wordpress/package.json
@@ -1,13 +1,13 @@
 {
 "name": "@typebot.io/wordpress",
- "version": "3.6.0",
+ "version": "3.6.1",
 "main": "index.js",
 "repository": "https://github.com/baptisteArno/typebot.io",
 "author": "baptisteArno",
 "license": "AGPL-3.0-or-later",
 "scripts": {
 "deploy": "pnpm copy && pnpm commit",
- "copy": "svn copy ./trunk ./tags/3.6.0",
- "commit": "svn ci -m 'Add lib_version attr in admin panel'"
+ "copy": "svn copy ./trunk ./tags/3.6.1",
+ "commit": "svn ci -m 'Fix XSS vulnerability with shortcode attributes'"
 }
 }
diff --git a/packages/embeds/wordpress/trunk/README.txt b/packages/embeds/wordpress/trunk/README.txt
index e8673905e..c5704ecce 100644
--- a/packages/embeds/wordpress/trunk/README.txt
+++ b/packages/embeds/wordpress/trunk/README.txt
@@ -2,10 +2,10 @@
 Contributors: baptisteArno
 Tags: typebot, forms, surveys, quizzes, form builder, survey builder, quiz builder, custom forms, mobile forms, payment forms, order forms, feedback forms, enquiry forms, stripe, dropbox, google sheets, mailchimp, salesforce, hubspot, activecampaign, infusionsoft, asana, hipchat, slack, trello, zendesk
 Requires at least: 5.0
-Tested up to: 6.5
+Tested up to: 6.6
 License: GPL 2.0
 License URI: http://www.gnu.org/licenses/gpl-2.0.txt
-Stable Tag: 3.6.0
+Stable Tag: 3.6.1
 == Description ==
 Collect 4x more responses with conversational apps using Typebot.
@@ -24,6 +24,9 @@ This plugin relies on Typebot which is a tool that allows you to create conversa
 3. Activate your Typebot with the "Typebot" admin button located in the sidebar
 == Changelog ==
+= 3.6.1 =
+* Fix XSS vulnerability with shortcode attributes
+
 = 3.6.0 =
 * Add the lib_version attribute to wp admin panel
diff --git a/packages/embeds/wordpress/trunk/public/class-typebot-public.php b/packages/embeds/wordpress/trunk/public/class-typebot-public.php
index 1cd927c51..efd27cf53 100644
--- a/packages/embeds/wordpress/trunk/public/class-typebot-public.php
+++ b/packages/embeds/wordpress/trunk/public/class-typebot-public.php
@@ -94,23 +94,23 @@ class Typebot_Public
 $lib_version = '0.2';
 if(array_key_exists('lib_version', $attributes)) {
- $lib_version = sanitize_text_field($attributes['lib_version']);
+ $lib_version = custom_sanitize_text_field($attributes['lib_version']);
 }
 $lib_url = "https://cdn.jsdelivr.net/npm/@typebot.io/js@". $lib_version ."/dist/web.js";
 $width = '100%';
 $height = '500px';
 $api_host = 'https://typebot.io';
 if (array_key_exists('width', $attributes)) {
- $width = sanitize_text_field($attributes['width']);
+ $width = custom_sanitize_text_field($attributes['width']);
 }
 if (array_key_exists('height', $attributes)) {
- $height = sanitize_text_field($attributes['height']);
+ $height = custom_sanitize_text_field($attributes['height']);
 }
 if (array_key_exists('typebot', $attributes)) {
- $typebot = sanitize_text_field($attributes['typebot']);
+ $typebot = custom_sanitize_text_field($attributes['typebot']);
 }
 if (array_key_exists('host', $attributes)) {
- $api_host = sanitize_text_field($attributes['host']);
+ $api_host = custom_sanitize_text_field($attributes['host']);
 }
 if (!$typebot) {
 return;
@@ -143,3 +143,9 @@ class Typebot_Public
 );
 }
 }
+
+function custom_sanitize_text_field($str) {
+ $str = str_replace(array('"', "'", '\\'), '', $str);
+ $str = sanitize_text_field($str);
+ return $str;
+}
diff --git a/packages/embeds/wordpress/trunk/typebot.php b/packages/embeds/wordpress/trunk/typebot.php
index bededf519..ec07c6019 100644
--- a/packages/embeds/wordpress/trunk/typebot.php
+++ b/packages/embeds/wordpress/trunk/typebot.php
@@ -3,7 +3,7 @@
 /**
 * Plugin Name: Typebot
 * Description: Convert more with conversational forms
- * Version: 3.6.0
+ * Version: 3.6.1
 * Author: Typebot
 * Author URI: http://typebot.io/
 * License: GPL-2.0+
@@ -16,7 +16,7 @@
 if (!defined('WPINC')) {
 die();
 }
-define('TYPEBOT_VERSION', '3.6.0');
+define('TYPEBOT_VERSION', '3.6.1');
 function activate_typebot() {
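Review bot: The five replaced calls still sanitize at input by deleting `"`, `'` and `\` from each attribute, which is a blocklist and is not tied to the context the values are presumably written into further down this method (the inline script and the CDN URL are assembled outside the hunk), so the durable fix is to escape at output — `esc_url()` for `$lib_url` and `$api_host`, `wp_json_encode()` or `esc_js()` for any value embedded in the script, `esc_attr()` for `$width`/`$height` if they land in an HTML attribute. `$lib_version` is spliced into a path segment of the jsDelivr URL and should be validated against an allow-list rather than stripped, e.g. `if (!preg_match('/^[0-9A-Za-z.\-]+$/', $lib_version)) { $lib_version = '0.2'; }`, so the plugin only ever loads a script from a well-formed version path. The method this hunk belongs to starts before line 94 and continues past the hunk, so the output lines those values reach are not visible here.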
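Review bot: `custom_sanitize_text_field` is declared unconditionally as a global function with a generic, unprefixed name at the bottom of a class file, so any other plugin or theme that defines the same name will fatal with a redeclaration error at load time; it belongs on the class (or at minimum needs the plugin prefix and a `function_exists` guard). It also has no parameter or return types and no comment explaining why quotes and backslashes are removed, which a later maintainer will read as arbitrary and may "fix". I would move it inside `Typebot_Public` as a typed private static method and change the five call sites in the previous hunk to `self::sanitize_attribute(...)`.
```php
    /**
     * Strips quote and backslash characters from a shortcode attribute so the
     * value cannot terminate the quoted context it is later echoed into, then
     * applies WordPress' sanitize_text_field(). Escape again at output per context.
     */
    private static function sanitize_attribute(string $str): string
    {
        $str = str_replace(['"', "'", '\\'], '', $str);

        return sanitize_text_field($str);
    }
```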