From 183b86ad97c57c2d9bd0f8e2557affad7f919ebc Mon Sep 17 00:00:00 2001
From: Jacob Peattie <jacob.peattie@10up.com>
Date: Wed, 11 May 2022 19:20:57 +1000
Subject: [PATCH] Strip slashes when saving features. Fixes #2731.

---
 includes/dashboard.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/includes/dashboard.php b/includes/dashboard.php
index 09f8331cfe..8afc8fd4eb 100644
--- a/includes/dashboard.php
+++ b/includes/dashboard.php
@@ -421,6 +421,8 @@ function action_wp_ajax_ep_cancel_index() {
  * @since  2.2
  */
 function action_wp_ajax_ep_save_feature() {
+	$_POST = wp_unslash( $_POST );
+
 	if ( empty( $_POST['feature'] ) || empty( $_POST['settings'] ) || ! check_ajax_referer( 'ep_dashboard_nonce', 'nonce', false ) ) {
 		wp_send_json_error();
 		exit;