Merge pull request #844 from wpdev10/master

escape disable_greedy argument value in profile and profile header sh…

Author: wpdev10

readme.txt

@@ -150,6 +150,9 @@ Yes, you can customize it with Elementor, but also with Gutenberg, Divi, Beaver
 
 == Changelog ==
 
+= 1.2.42 - TBD =
+* escape disable_greedy argument value in profile and profile header shortcodes - FIXED
+
 = 1.2.41 - 2025-08-21 =
 * Author actions not visible in listings tab when default tab is empty - FIXED
 * Register form submit button is not translatable - FIXED

templates/bootstrap/profile-header.php

@@ -105,7 +105,7 @@
 						?>
                     </li>
                 </ul>
-				<?php echo do_shortcode( "[uwp_user_post_counts disable_greedy=".$args['disable_greedy']."]" ); ?>
+				<?php echo do_shortcode( "[uwp_user_post_counts disable_greedy=".esc_attr($args['disable_greedy'])."]" ); ?>
             </div>
             <div class="col-12 <?php if ( ! $uwp_in_user_loop ) { ?>col-xl-4 text-xl-right <?php } ?> text-center pt-2">
 				<?php

templates/bootstrap/profile.php

@@ -1,4 +1,4 @@
 <?php
-echo do_shortcode("[uwp_profile_header disable_greedy=".$args['disable_greedy']."]");
-echo do_shortcode("[uwp_profile_tabs disable_greedy=".$args['disable_greedy']."]");
+echo do_shortcode("[uwp_profile_header disable_greedy=".esc_attr($args['disable_greedy'])."]");
+echo do_shortcode("[uwp_profile_tabs disable_greedy=".esc_attr($args['disable_greedy'])."]");
 ?>