Add missing escapes

Brian Miyaji
2021-11-06 20:25:32 +09:00
parent f2ded7b97a
commit 0836c2465b
11 changed files with 22 additions and 22 deletions


@@ -96,7 +96,7 @@ class SP_Admin_CPT_Calendar extends SP_Admin_CPT {
echo sizeof( $calendar->data() );
break;
case 'sp_layout':
echo sp_array_value( SP()->formats->calendar, get_post_meta( $post_id, 'sp_format', true ), '—' );
echo esc_html( sp_array_value( SP()->formats->calendar, get_post_meta( $post_id, 'sp_format', true ), '—' ) );
break;
endswitch;
}


@@ -90,7 +90,7 @@ class SP_Admin_CPT_List extends SP_Admin_CPT {
endif;
break;
case 'sp_layout':
echo sp_array_value( SP()->formats->list, get_post_meta( $post_id, 'sp_format', true ), '—' );
echo esc_html( sp_array_value( SP()->formats->list, get_post_meta( $post_id, 'sp_format', true ), '—' ) );
break;
endswitch;
}


@@ -89,7 +89,7 @@ class SP_Admin_CPT_Player extends SP_Admin_CPT {
public function custom_columns( $column, $post_id ) {
switch ( $column ):
case 'sp_number':
echo get_post_meta ( $post_id, 'sp_number', true );
echo esc_html( get_post_meta ( $post_id, 'sp_number', true ) );
break;
case 'sp_position':
echo get_the_terms( $post_id, 'sp_position' ) ? the_terms( $post_id, 'sp_position' ) : '—';
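Review bot: The `sp_position` case on the last line of this hunk is still output without an explicit escape, and the `echo` there is misleading: `the_terms()` prints the term list itself and returns nothing printable, so the outer `echo` emits an empty value in the truthy branch. Fetching the markup first makes the escaping visible, e.g. `$terms = get_the_term_list( $post_id, 'sp_position', '', ', ' );` followed by `echo ( $terms && ! is_wp_error( $terms ) ) ? wp_kses_post( $terms ) : '—';`. The same `echo … the_terms()` pattern is on the `sp_league` and `sp_season` cells in the SP_Meta_Box_Team_Lists section. The `custom_columns()` switch continues past the end of this hunk.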


@@ -41,7 +41,7 @@ class SP_Meta_Box_Calendar_Feeds {
}
?>
<p>
<strong><?php echo sp_array_value( $format, 'name' ); ?></strong>
<strong><?php echo esc_html( sp_array_value( $format, 'name' ) ); ?></strong>
<a class="sp-link" href="<?php echo esc_attr( $feed ); ?>" target="_blank" title="<?php _e( 'Link', 'sportspress' ); ?>"></a>
</p>
<p>
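Review bot: The `title` attribute on the `sp-link` anchor still prints its translation through `_e( 'Link', 'sportspress' )`, which does no escaping, so a translated string containing a quote or markup reaches the attribute as-is. `title="<?php esc_attr_e( 'Link', 'sportspress' ); ?>"` would bring it in line with the `esc_attr( $feed )` beside it. The `_e( 'Abbreviation', 'sportspress' )` and `_e( 'Color', 'sportspress' )` labels in the SP_Meta_Box_Outcome_Details section have the same gap in HTML context, where `esc_html_e()` fits. The surrounding template starts and ends outside this hunk.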


@@ -158,7 +158,7 @@ class SP_Meta_Box_List_Data {
$value = sp_array_value( $player_stats, $column, '' );
$placeholder = sp_array_value( sp_array_value( $placeholders, $player_id, array() ), $column, 0 );
?>
<td><input type="text" name="sp_players[<?php echo esc_attr( $player_id ); ?>][<?php echo esc_attr( $column ); ?>]" value="<?php echo esc_attr( $value ); ?>" placeholder="<?php echo esc_attr( $placeholder ); ?>" data-placeholder="<?php echo esc_attr( $placeholder ); ?>" data-matrix="<?php echo esc_attr( $player_id ); ?>_<?php echo esc_attr( $column ); ?>" data-adjustment="<?php echo sp_array_value( sp_array_value( $adjustments, $player_id, array() ), $column, 0 ); ?>" /></td>
<td><input type="text" name="sp_players[<?php echo esc_attr( $player_id ); ?>][<?php echo esc_attr( $column ); ?>]" value="<?php echo esc_attr( $value ); ?>" placeholder="<?php echo esc_attr( $placeholder ); ?>" data-placeholder="<?php echo esc_attr( $placeholder ); ?>" data-matrix="<?php echo esc_attr( $player_id ); ?>_<?php echo esc_attr( $column ); ?>" data-adjustment="<?php echo esc_attr( sp_array_value( sp_array_value( $adjustments, $player_id, array() ), $column, 0 ) ); ?>" /></td>
<?php endforeach; ?>
</tr>
<?php


@@ -45,7 +45,7 @@ class SP_Meta_Box_Outcome_Details extends SP_Meta_Box_Config {
</p>
<p><strong><?php _e( 'Abbreviation', 'sportspress' ); ?></strong></p>
<p>
<input name="sp_abbreviation" type="text" id="sp_abbreviation" value="<?php echo esc_attr( $abbreviation ); ?>" placeholder="<?php echo sp_substr( $post->post_title, 0, 1 ); ?>">
<input name="sp_abbreviation" type="text" id="sp_abbreviation" value="<?php echo esc_attr( $abbreviation ); ?>" placeholder="<?php echo esc_attr( sp_substr( $post->post_title, 0, 1 ) ); ?>">
</p>
<p><strong><?php _e( 'Color', 'sportspress' ); ?></strong></p>
<p>


@@ -89,7 +89,7 @@ class SP_Meta_Box_Team_Lists {
<td><?php echo sizeof( $players ); ?></td>
<td><?php echo get_the_terms ( $list->ID, 'sp_league' ) ? the_terms( $list->ID, 'sp_league' ) : '&mdash;'; ?></td>
<td><?php echo get_the_terms ( $list->ID, 'sp_season' ) ? the_terms( $list->ID, 'sp_season' ) : '&mdash;'; ?></td>
<td><?php echo sp_array_value( SP()->formats->list, $format, '&mdash;' ); ?></td>
<td><?php echo esc_html( sp_array_value( SP()->formats->list, $format, '&mdash;' ) ); ?></td>
</tr>
<?php
$i++;


@@ -213,7 +213,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
<table class="sp-modules-table widefat" cellspacing="0">
<thead>
<tr><th>
<?php echo sp_array_value( $this->sections, $section, __( 'Modules', 'sportspress' ) ); ?>
<?php echo esc_html( sp_array_value( $this->sections, $section, __( 'Modules', 'sportspress' ) ) ); ?>
</th></tr>
</thead>
<tbody>
@@ -221,7 +221,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
<?php if ( isset( $module['class'] ) && ! class_exists( $module['class'] ) ) { ?>
<tr class="sp-module-unavailable"><td>
<input type="checkbox" disabled="disabled">
<span class="sp-desc-tip" title="<?php echo sp_array_value( $module, 'tip', __( 'Upgrade to Pro', 'sportspress' ) ); ?>">
<span class="sp-desc-tip" title="<?php echo esc_attr( sp_array_value( $module, 'tip', __( 'Upgrade to Pro', 'sportspress' ) ) ); ?>">
<i class="<?php echo esc_attr( sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ) ); ?>"></i>
<?php echo esc_html( sp_array_value( $module, 'label', $id ) ); ?>
</span>
@@ -229,7 +229,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
<span class="sp-desc">
<?php echo wp_kses_post( $module['desc'] ); ?>
<?php if ( array_key_exists( 'link', $module ) ) { ?>
<a href="<?php echo apply_filters( 'sportspress_pro_url', $module['link'] ); ?>" target="_blank"><?php echo sp_array_value( $module, 'action', __( 'Learn more', 'sportspress' ) ); ?></a>
<a href="<?php echo apply_filters( 'sportspress_pro_url', $module['link'] ); ?>" target="_blank"><?php echo esc_html( sp_array_value( $module, 'action', __( 'Learn more', 'sportspress' ) ) ); ?></a>
<?php } ?>
</span>
<?php } ?>
@@ -238,8 +238,8 @@ class SP_Settings_Modules extends SP_Settings_Page {
<tr><td>
<input type="checkbox" name="sportspress_load_<?php echo $id; ?>_module" id="sportspress_load_<?php echo $id; ?>_module" <?php checked( 'yes' == get_option( 'sportspress_load_' . $id . '_module', sp_array_value( $module, 'default', 'yes' ) ) ); ?>>
<label for="sportspress_load_<?php echo $id; ?>_module">
<i class="<?php echo sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ); ?>"></i>
<?php echo sp_array_value( $module, 'label', $id ); ?>
<i class="<?php echo esc_attr( sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ) ); ?>"></i>
<?php echo esc_html( sp_array_value( $module, 'label', $id ) ); ?>
</label>
<?php if ( isset( $module['desc'] ) ) { ?>
<span class="sp-desc"><?php echo wp_kses_post( $module['desc'] ); ?></span>
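Review bot: The `href` of the "Learn more" link in the third hunk is still echoed raw: the result of `apply_filters( 'sportspress_pro_url', $module['link'] )` goes straight into the attribute, and a filter callback can return any string. Wrapping it as `href="<?php echo esc_url( apply_filters( 'sportspress_pro_url', $module['link'] ) ); ?>"` closes that gap. The fourth hunk has the same omission, with `<?php echo $id; ?>` in the checkbox `name` and `id` and in the label `for`; `esc_attr( $id )` would match how `icon` is now handled on the next line. The template continues outside the visible hunks, so other unescaped output may remain.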


@@ -124,7 +124,7 @@ class SP_Settings_Page {
<li>
<div class="sp-item-bar sp-layout-item-bar">
<div class="sp-item-handle sp-layout-item-handle ui-sortable-handle">
<span class="sp-item-title item-title"><?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?></span>
<span class="sp-item-title item-title"><?php echo esc_html( sp_array_value( $details, 'title', ucfirst( $template ) ) ); ?></span>
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="<?php echo esc_attr( $template ); ?>">
</div>
@@ -181,7 +181,7 @@ class SP_Settings_Page {
<li>
<div class="sp-item-bar sp-layout-item-bar">
<div class="sp-item-handle sp-layout-item-handle ui-sortable-handle">
<span class="sp-item-title item-title"><?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?></span>
<span class="sp-item-title item-title"><?php echo esc_html( sp_array_value( $details, 'title', ucfirst( $template ) ) ); ?></span>
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="<?php echo esc_attr( $template ); ?>">
</div>