From 4a817ab23155fc48689fc2be3d9d2ab2c77bbd55 Mon Sep 17 00:00:00 2001
From: Marcus Quinn <6428977+marcusquinn@users.noreply.github.com>
Date: Mon, 16 Mar 2026 23:07:55 +0000
Subject: [PATCH] fix: namespace mismatch, XSS in showNotice/showMessage, tab
 indentation (#47)

- Fix namespace in includes/Multisite/class-multisite.php from
  WP_Plugin_Starter_Template_For_AI_Coding\Multisite to
  WPALLSTARS\PluginStarterTemplate\Multisite so autoloader can
  resolve the class correctly (critical: breaks multisite autoloading)
- Fix XSS in admin/js/admin-scripts.js showNotice(): replace HTML
  string interpolation with safe jQuery DOM API (.text() + .addClass())
- Fix XSS in admin/js/update-source-selector.js showMessage(): replace
  .html(message) with .text(message) to prevent admin-side XSS
- Fix tab indentation in includes/Admin/class-admin.php (3 comment
  lines using tabs replaced with 4-space project standard)

Closes #19
---
 includes/Multisite/class-multisite.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/includes/Multisite/class-multisite.php b/includes/Multisite/class-multisite.php
index c9fd2f3..b65d889 100644
--- a/includes/Multisite/class-multisite.php
+++ b/includes/Multisite/class-multisite.php
@@ -6,10 +6,10 @@
  * Extend this file or create additional classes in this directory
  * to implement multisite features for your plugin.
  *
- * @package WP_Plugin_Starter_Template_For_AI_Coding
+ * @package WPALLSTARS\PluginStarterTemplate
  */
 
-namespace WP_Plugin_Starter_Template_For_AI_Coding\Multisite;
+namespace WPALLSTARS\PluginStarterTemplate\Multisite;
 
 // Exit if accessed directly.
 if ( ! defined( 'ABSPATH' ) ) {