fix: corruption in JSON payloads due to escaping

auth0 · Jul 12, 2024 · 2e93c6f · 2e93c6f
1 parent a0a5b02
commit 2e93c6f
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Change Log
 
+## [Unreleased]
+
+**Fixed**
+
+- Resolved an issue with corrupted JSON payloads.
+
 ## [4.6.1](https://github.com/auth0/wp-auth0/tree/4.6.1) (2024-07-08)
 
 [Full Changelog](https://github.com/auth0/wp-auth0/compare/4.6.0...4.6.1)
@@ -11,7 +17,7 @@
 
 **Fixed**
 
-- Resolved issue with `?wle` parameter handling.
+- Resolved [CVE-2023-6813](ttps://github.com/auth0/wordpress/security/advisories/GHSA-x6p7-44rh-m3rr) involving a sanitization issue with `?wle` parameter.
 
 ## [4.6.0](https://github.com/auth0/wp-auth0/tree/4.6.0) (2024-01-11)
 

diff --git a/lib/WP_Auth0_Routes.php b/lib/WP_Auth0_Routes.php
@@ -109,7 +109,7 @@ public function custom_requests($wp, $return = false)
 			$wp->send_headers();
 		}
 
-		echo esc_js($output);
+		echo str_replace('&quot;', '"', $output);
 		exit;
 	}
-Original file line number
+Diff line change
@@ Expand Up / @@ -109,7 +109,7 @@ public function custom_requests($wp, $return = false) @@
     			$wp->send_headers();
     		}
-    		echo esc_js($output);
+    		echo str_replace('&quot;', '"', $output);
     		exit;
     	}
@@ Expand Down @@