From 1d2d05fde0fd683bc62688c585e90d485080f6ae Mon Sep 17 00:00:00 2001
From: Gawuww
Date: Tue, 26 May 2026 15:40:24 +0300
Subject: [PATCH] FIX: XSS vulnerability https://github.com/Crocoblock/issues-tracker/issues/19877
---
 .../admin/view-columns/user-journey-query-column.php | 2 +-
 modules/user-journey/module.php | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/modules/user-journey/admin/view-columns/user-journey-query-column.php b/modules/user-journey/admin/view-columns/user-journey-query-column.php
index ca7fcaea1..1887c5cb2 100644
--- a/modules/user-journey/admin/view-columns/user-journey-query-column.php
+++ b/modules/user-journey/admin/view-columns/user-journey-query-column.php
@@ -18,6 +18,6 @@ public function get_label(): string {
 
 public function get_value( array $record = array() ) {
 $journey_query = $record['journey_query'] ?? '';
-return $journey_query;
+return esc_html( $journey_query );
 }
 }
diff --git a/modules/user-journey/module.php b/modules/user-journey/module.php
index 66fe39d4a..9397eb324 100644
--- a/modules/user-journey/module.php
+++ b/modules/user-journey/module.php
@@ -642,11 +642,13 @@ public function save_user_journey( $record_id, $action_request ) {
 }
 
 foreach ( $journey_data as $step => $item ) {
+$journey_query = urldecode( $item['query'] ?? '' );
+
 $journey_results[] = array(
 'record_id' => $record_id,
 'journey_step' => $step,
 'journey_url' => sanitize_text_field( $item['url'] ),
-'journey_query' => urldecode( $item['query'] ?? '' ),
+'journey_query' => sanitize_textarea_field( $journey_query ),
 'timestamp' => $item['timestamp'],
 );
 }
@@ -662,4 +664,4 @@ public function save_user_journey( $record_id, $action_request ) {
 public function get_rest(): User_Journey_Rest_Controller {
 return $this->rest;
 }
-}
\ No newline at end of file
+}
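Review bot: The `esc_html()` on the new return line bakes HTML-body escaping into a data accessor, so any caller that renders `get_value()` into an attribute, a JS context, or a CSV export would get either the wrong escaping or double-encoded entities; if the column renderer is the only consumer this is fine, but that is not visible from the hunk. Escaping at this point is also what actually closes the report for rows stored before this patch, since the input-side sanitization in the other file only affects newly saved records, so it should stay regardless. I would make the contract explicit with a docblock such as `/** Returns the stored query escaped for HTML body context; callers rendering into an attribute must use esc_attr() instead. */`, and add a `: string` return type now that both paths return a string.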
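Review bot: `sanitize_textarea_field()` on the new `journey_query` line preserves newlines, which a URL query string has no legitimate reason to contain, and it is inconsistent with the `sanitize_text_field()` applied to `journey_url` on the line above; unless multi-line values are expected, `'journey_query' => sanitize_text_field( $journey_query ),` is the tighter and more consistent choice. Calling `urldecode()` before sanitizing is the correct order, since a percent-encoded payload would otherwise pass through the filter intact. Both sanitizers strip tags, so the stored value is lossy; storing the decoded string and relying on output escaping is the canonical alternative, and this input-side strip should be understood as defense in depth rather than the primary fix. In the same array, `$item['url']` and `$item['timestamp']` are read without the `?? ''` guard the new line uses and `timestamp` is stored unvalidated — if `$journey_data` is derived from `$action_request`, an `absint()` or format check on the timestamp and the same default on `url` would be worth adding. `save_user_journey()` begins before and continues after this hunk.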