Add missing escapes
@@ -96,7 +96,7 @@ class SP_Admin_CPT_Calendar extends SP_Admin_CPT {
|
||||
echo sizeof( $calendar->data() );
|
||||
break;
|
||||
case 'sp_layout':
|
||||
echo sp_array_value( SP()->formats->calendar, get_post_meta( $post_id, 'sp_format', true ), '—' );
|
||||
echo esc_html( sp_array_value( SP()->formats->calendar, get_post_meta( $post_id, 'sp_format', true ), '—' ) );
|
||||
break;
|
||||
endswitch;
|
||||
}
|
||||
|
||||
@@ -90,7 +90,7 @@ class SP_Admin_CPT_List extends SP_Admin_CPT {
|
||||
endif;
|
||||
break;
|
||||
case 'sp_layout':
|
||||
echo sp_array_value( SP()->formats->list, get_post_meta( $post_id, 'sp_format', true ), '—' );
|
||||
echo esc_html( sp_array_value( SP()->formats->list, get_post_meta( $post_id, 'sp_format', true ), '—' ) );
|
||||
break;
|
||||
endswitch;
|
||||
}
|
||||
|
||||
@@ -89,7 +89,7 @@ class SP_Admin_CPT_Player extends SP_Admin_CPT {
|
||||
public function custom_columns( $column, $post_id ) {
|
||||
switch ( $column ):
|
||||
case 'sp_number':
|
||||
echo get_post_meta ( $post_id, 'sp_number', true );
|
||||
echo esc_html( get_post_meta ( $post_id, 'sp_number', true ) );
|
||||
break;
|
||||
case 'sp_position':
|
||||
echo get_the_terms( $post_id, 'sp_position' ) ? the_terms( $post_id, 'sp_position' ) : '—';
|
||||
|
||||
@@ -41,7 +41,7 @@ class SP_Meta_Box_Calendar_Feeds {
|
||||
}
|
||||
?>
|
||||
<p>
|
||||
<strong><?php echo sp_array_value( $format, 'name' ); ?></strong>
|
||||
<strong><?php echo esc_html( sp_array_value( $format, 'name' ) ); ?></strong>
|
||||
<a class="sp-link" href="<?php echo esc_attr( $feed ); ?>" target="_blank" title="<?php _e( 'Link', 'sportspress' ); ?>"></a>
|
||||
</p>
|
||||
<p>
|
||||
|
||||
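Review bot: The `href` on the context line right after the changed `<strong>` is escaped with `esc_attr( $feed )`, which encodes quotes but does not check the URL scheme; in a URL attribute the matching call is `esc_url( $feed )`. The `title` on the same line is printed with `_e()`, so the translated string reaches the attribute unescaped, and `esc_attr_e( 'Link', 'sportspress' )` would close that gap. Where `$feed` comes from is outside this hunk, so how far it can be influenced is not visible here. Both are one-token changes on a line the commit leaves untouched.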
@@ -158,7 +158,7 @@ class SP_Meta_Box_List_Data {
|
||||
$value = sp_array_value( $player_stats, $column, '' );
|
||||
$placeholder = sp_array_value( sp_array_value( $placeholders, $player_id, array() ), $column, 0 );
|
||||
?>
|
||||
<td><input type="text" name="sp_players[<?php echo esc_attr( $player_id ); ?>][<?php echo esc_attr( $column ); ?>]" value="<?php echo esc_attr( $value ); ?>" placeholder="<?php echo esc_attr( $placeholder ); ?>" data-placeholder="<?php echo esc_attr( $placeholder ); ?>" data-matrix="<?php echo esc_attr( $player_id ); ?>_<?php echo esc_attr( $column ); ?>" data-adjustment="<?php echo sp_array_value( sp_array_value( $adjustments, $player_id, array() ), $column, 0 ); ?>" /></td>
|
||||
<td><input type="text" name="sp_players[<?php echo esc_attr( $player_id ); ?>][<?php echo esc_attr( $column ); ?>]" value="<?php echo esc_attr( $value ); ?>" placeholder="<?php echo esc_attr( $placeholder ); ?>" data-placeholder="<?php echo esc_attr( $placeholder ); ?>" data-matrix="<?php echo esc_attr( $player_id ); ?>_<?php echo esc_attr( $column ); ?>" data-adjustment="<?php echo esc_attr( sp_array_value( sp_array_value( $adjustments, $player_id, array() ), $column, 0 ) ); ?>" /></td>
|
||||
<?php endforeach; ?>
|
||||
</tr>
|
||||
<?php
|
||||
|
||||
@@ -45,7 +45,7 @@ class SP_Meta_Box_Outcome_Details extends SP_Meta_Box_Config {
|
||||
</p>
|
||||
<p><strong><?php _e( 'Abbreviation', 'sportspress' ); ?></strong></p>
|
||||
<p>
|
||||
<input name="sp_abbreviation" type="text" id="sp_abbreviation" value="<?php echo esc_attr( $abbreviation ); ?>" placeholder="<?php echo sp_substr( $post->post_title, 0, 1 ); ?>">
|
||||
<input name="sp_abbreviation" type="text" id="sp_abbreviation" value="<?php echo esc_attr( $abbreviation ); ?>" placeholder="<?php echo esc_attr( sp_substr( $post->post_title, 0, 1 ) ); ?>">
|
||||
</p>
|
||||
<p><strong><?php _e( 'Color', 'sportspress' ); ?></strong></p>
|
||||
<p>
|
||||
|
||||
@@ -89,7 +89,7 @@ class SP_Meta_Box_Team_Lists {
|
||||
<td><?php echo sizeof( $players ); ?></td>
|
||||
<td><?php echo get_the_terms ( $list->ID, 'sp_league' ) ? the_terms( $list->ID, 'sp_league' ) : '—'; ?></td>
|
||||
<td><?php echo get_the_terms ( $list->ID, 'sp_season' ) ? the_terms( $list->ID, 'sp_season' ) : '—'; ?></td>
|
||||
<td><?php echo sp_array_value( SP()->formats->list, $format, '—' ); ?></td>
|
||||
<td><?php echo esc_html( sp_array_value( SP()->formats->list, $format, '—' ) ); ?></td>
|
||||
</tr>
|
||||
<?php
|
||||
$i++;
|
||||
|
||||
@@ -213,7 +213,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
<table class="sp-modules-table widefat" cellspacing="0">
|
||||
<thead>
|
||||
<tr><th>
|
||||
<?php echo sp_array_value( $this->sections, $section, __( 'Modules', 'sportspress' ) ); ?>
|
||||
<?php echo esc_html( sp_array_value( $this->sections, $section, __( 'Modules', 'sportspress' ) ) ); ?>
|
||||
</th></tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
@@ -221,7 +221,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
<?php if ( isset( $module['class'] ) && ! class_exists( $module['class'] ) ) { ?>
|
||||
<tr class="sp-module-unavailable"><td>
|
||||
<input type="checkbox" disabled="disabled">
|
||||
<span class="sp-desc-tip" title="<?php echo sp_array_value( $module, 'tip', __( 'Upgrade to Pro', 'sportspress' ) ); ?>">
|
||||
<span class="sp-desc-tip" title="<?php echo esc_attr( sp_array_value( $module, 'tip', __( 'Upgrade to Pro', 'sportspress' ) ) ); ?>">
|
||||
<i class="<?php echo esc_attr( sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ) ); ?>"></i>
|
||||
<?php echo esc_html( sp_array_value( $module, 'label', $id ) ); ?>
|
||||
</span>
|
||||
@@ -229,7 +229,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
<span class="sp-desc">
|
||||
<?php echo wp_kses_post( $module['desc'] ); ?>
|
||||
<?php if ( array_key_exists( 'link', $module ) ) { ?>
|
||||
<a href="<?php echo apply_filters( 'sportspress_pro_url', $module['link'] ); ?>" target="_blank"><?php echo sp_array_value( $module, 'action', __( 'Learn more', 'sportspress' ) ); ?></a>
|
||||
<a href="<?php echo apply_filters( 'sportspress_pro_url', $module['link'] ); ?>" target="_blank"><?php echo esc_html( sp_array_value( $module, 'action', __( 'Learn more', 'sportspress' ) ) ); ?></a>
|
||||
<?php } ?>
|
||||
</span>
|
||||
<?php } ?>
|
||||
@@ -238,8 +238,8 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
<tr><td>
|
||||
<input type="checkbox" name="sportspress_load_<?php echo $id; ?>_module" id="sportspress_load_<?php echo $id; ?>_module" <?php checked( 'yes' == get_option( 'sportspress_load_' . $id . '_module', sp_array_value( $module, 'default', 'yes' ) ) ); ?>>
|
||||
<label for="sportspress_load_<?php echo $id; ?>_module">
|
||||
<i class="<?php echo sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ); ?>"></i>
|
||||
<?php echo sp_array_value( $module, 'label', $id ); ?>
|
||||
<i class="<?php echo esc_attr( sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ) ); ?>"></i>
|
||||
<?php echo esc_html( sp_array_value( $module, 'label', $id ) ); ?>
|
||||
</label>
|
||||
<?php if ( isset( $module['desc'] ) ) { ?>
|
||||
<span class="sp-desc"><?php echo wp_kses_post( $module['desc'] ); ?></span>
|
||||
|
||||
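Review bot: The `href` in the link line of the `@@ -229` hunk is still printed raw: the commit escapes the link text but leaves `apply_filters( 'sportspress_pro_url', $module['link'] )` unescaped inside the attribute, so whatever a filter callback or module definition returns is written into the markup as-is. Wrap it as `href="<?php echo esc_url( apply_filters( 'sportspress_pro_url', $module['link'] ) ); ?>"`; because the anchor opens with `target="_blank"`, adding `rel="noopener noreferrer"` is worth doing in the same edit. In the `@@ -238` hunk the three `<?php echo $id; ?>` occurrences in the `name`, `id` and `for` attributes are likewise unescaped and should read `<?php echo esc_attr( $id ); ?>`.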
@@ -124,7 +124,7 @@ class SP_Settings_Page {
|
||||
<li>
|
||||
<div class="sp-item-bar sp-layout-item-bar">
|
||||
<div class="sp-item-handle sp-layout-item-handle ui-sortable-handle">
|
||||
<span class="sp-item-title item-title"><?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?></span>
|
||||
<span class="sp-item-title item-title"><?php echo esc_html( sp_array_value( $details, 'title', ucfirst( $template ) ) ); ?></span>
|
||||
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="<?php echo esc_attr( $template ); ?>">
|
||||
</div>
|
||||
|
||||
@@ -181,7 +181,7 @@ class SP_Settings_Page {
|
||||
<li>
|
||||
<div class="sp-item-bar sp-layout-item-bar">
|
||||
<div class="sp-item-handle sp-layout-item-handle ui-sortable-handle">
|
||||
<span class="sp-item-title item-title"><?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?></span>
|
||||
<span class="sp-item-title item-title"><?php echo esc_html( sp_array_value( $details, 'title', ucfirst( $template ) ) ); ?></span>
|
||||
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="<?php echo esc_attr( $template ); ?>">
|
||||
</div>
|
||||
|
||||
|
||||
@@ -234,10 +234,10 @@ class SportsPress_Lazy_Loading {
|
||||
switch( $player_sort )
|
||||
{
|
||||
case 'name':
|
||||
echo sp_get_player_name_then_number( $post->ID );
|
||||
echo esc_html( sp_get_player_name_then_number( $post->ID ) );
|
||||
break;
|
||||
default: // 'jersey'
|
||||
echo sp_get_player_name_with_number( $post->ID );
|
||||
echo esc_html( sp_get_player_name_with_number( $post->ID ) );
|
||||
}
|
||||
?>
|
||||
</label>
|
||||
@@ -253,10 +253,10 @@ class SportsPress_Lazy_Loading {
|
||||
switch( $player_sort )
|
||||
{
|
||||
case 'name':
|
||||
echo sp_get_player_name_then_number( $post_id );
|
||||
echo esc_html( sp_get_player_name_then_number( $post_id ) );
|
||||
break;
|
||||
default: // 'jersey'
|
||||
echo sp_get_player_name_with_number( $post_id );
|
||||
echo esc_html( sp_get_player_name_with_number( $post_id ) );
|
||||
}
|
||||
?>
|
||||
</label>
|
||||
|
||||
@@ -174,13 +174,13 @@ if ( $title )
|
||||
<?php do_action( 'sportspress_event_blocks_before', $event, $usecolumns ); ?>
|
||||
<?php echo implode( ' ', $logos ); ?>
|
||||
<time class="sp-event-date" datetime="<?php echo $event->post_date; ?>" itemprop="startDate" content="<?php echo mysql2date( 'Y-m-d\TH:iP', $event->post_date ); ?>">
|
||||
<?php echo sp_add_link( get_the_time( get_option( 'date_format' ), $event ), $permalink, $link_events ); ?>
|
||||
<?php echo esc_html( sp_add_link( get_the_time( get_option( 'date_format' ), $event ), $permalink, $link_events ) ); ?>
|
||||
</time>
|
||||
<?php if ( $show_matchday ): $matchday = get_post_meta( $event->ID, 'sp_day', true ); if ( $matchday != '' ): ?>
|
||||
<div class="sp-event-matchday">(<?php echo $matchday; ?>)</div>
|
||||
<div class="sp-event-matchday">(<?php echo esc_html( $matchday ); ?>)</div>
|
||||
<?php endif; endif; ?>
|
||||
<h5 class="sp-event-results">
|
||||
<?php echo sp_add_link( '<span class="sp-result '.$event_status.'">' . implode( '</span> - <span class="sp-result">', apply_filters( 'sportspress_event_blocks_team_result_or_time', $results, $event->ID ) ) . '</span>', $permalink, $link_events ); ?>
|
||||
<?php echo esc_html( sp_add_link( '<span class="sp-result '.$event_status.'">' . implode( '</span> - <span class="sp-result">', apply_filters( 'sportspress_event_blocks_team_result_or_time', $results, $event->ID ) ) . '</span>', $permalink, $link_events ) ); ?>
|
||||
</h5>
|
||||
<?php if ( $show_league ): $leagues = get_the_terms( $event, 'sp_league' ); if ( $leagues ): $league = array_shift( $leagues ); ?>
|
||||
<div class="sp-event-league"><?php echo $league->name; ?></div>
|
||||
@@ -195,7 +195,7 @@ if ( $title )
|
||||
<div style="display:none;" class="sp-event-venue" itemprop="location" itemscope itemtype="http://schema.org/Place"><div itemprop="address" itemscope itemtype="http://schema.org/PostalAddress"><?php _e( 'N/A', 'sportspress' ); ?></div></div>
|
||||
<?php endif; ?>
|
||||
<h4 class="sp-event-title" itemprop="name">
|
||||
<?php echo sp_add_link( $event->post_title, $permalink, $link_events ); ?>
|
||||
<?php echo esc_html( sp_add_link( $event->post_title, $permalink, $link_events ) ); ?>
|
||||
</h4>
|
||||
<?php do_action( 'sportspress_event_blocks_after', $event, $usecolumns ); ?>
|
||||
|
||||
|
||||
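Review bot: Wrapping the whole `sp_add_link( ... )` result in `esc_html()` escapes at the wrong layer in this template: in the `<h5 class="sp-event-results">` line the argument already contains literal `<span class="sp-result ...">` markup, so the new code prints those tags as visible text, and the date and title lines in both hunks will do the same whenever `sp_add_link()` returns an anchor (presumably when `$link_events` is set; confirm against its definition, which is outside this page). Escape the values before they are wrapped and filter the assembled markup instead, e.g. `echo wp_kses_post( sp_add_link( esc_html( $event->post_title ), $permalink, $link_events ) );`, and use `esc_attr( $event_status )` inside the span's class attribute. The `@@ -174` hunk also still echoes `$event->post_date` into the `datetime` attribute and `$league->name` into the league div unescaped; `esc_attr()` and `esc_html()` respectively are missing there.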