Merge pull request #1203 from Codeinwp/bugfix/503

Fixed data escaping issue with import file

Author: vytisbulkevicius

.github/workflows/test-e2e.yml

@@ -14,7 +14,7 @@ jobs:
       DOCKER_FILE: docker-compose.ci.yml
     strategy:
       fail-fast: false
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-node@v2

.github/workflows/test-php.yml

@@ -36,7 +36,7 @@ jobs:
 
   phpunit:
     name: PHPUnit
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     services:
       mysql:
         image: mysql:5.7

classes/Visualizer/Source.php

@@ -429,7 +429,7 @@ private function _fetchSeriesFromEditableTable() {
 			foreach ( $headers as $header ) {
 				if ( ! empty( $types[ $header ] ) ) {
 					$this->_series[] = array(
-						'label' => $header,
+						'label' => esc_html( wp_strip_all_tags( $header ) ),
 						'type'  => $types[ $header ],
 					);
 				}

classes/Visualizer/Source/Csv.php

@@ -97,7 +97,7 @@ private function _fetchSeries( &$handle ) {
 			$labels[ $i ] = $this->toUTF8( $labels[ $i ] );
 
 			$this->_series[] = array(
-				'label' => $labels[ $i ],
+				'label' => esc_html( wp_strip_all_tags( $labels[ $i ] ) ),
 				'type'  => isset( $types[ $i ] ) ? $types[ $i ] : $default_type,
 			);
 		}