asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add missing escapes

Browse Source
This commit is contained in:
Brian Miyaji
2021-11-06 20:25:32 +09:00
parent f2ded7b97a
commit 0836c2465b
11 changed files with 22 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
includes/admin/settings/class-sp-settings-modules.php
View File

@@ -213,7 +213,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
<table class="sp-modules-table widefat" cellspacing="0">
<thead>
<tr><th>
<?php echo sp_array_value( $this->sections, $section, __( 'Modules', 'sportspress' ) ); ?>
<?php echo esc_html( sp_array_value( $this->sections, $section, __( 'Modules', 'sportspress' ) ) ); ?>
</th></tr>
</thead>
<tbody>
@@ -221,7 +221,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
<?php if ( isset( $module['class'] ) && ! class_exists( $module['class'] ) ) { ?>
<tr class="sp-module-unavailable"><td>
<input type="checkbox" disabled="disabled">
<span class="sp-desc-tip" title="<?php echo sp_array_value( $module, 'tip', __( 'Upgrade to Pro', 'sportspress' ) ); ?>">
<span class="sp-desc-tip" title="<?php echo esc_attr( sp_array_value( $module, 'tip', __( 'Upgrade to Pro', 'sportspress' ) ) ); ?>">
<i class="<?php echo esc_attr( sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ) ); ?>"></i>
<?php echo esc_html( sp_array_value( $module, 'label', $id ) ); ?>
</span>
@@ -229,7 +229,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
<span class="sp-desc">
<?php echo wp_kses_post( $module['desc'] ); ?>
<?php if ( array_key_exists( 'link', $module ) ) { ?>
<a href="<?php echo apply_filters( 'sportspress_pro_url', $module['link'] ); ?>" target="_blank"><?php echo sp_array_value( $module, 'action', __( 'Learn more', 'sportspress' ) ); ?></a>
<a href="<?php echo apply_filters( 'sportspress_pro_url', $module['link'] ); ?>" target="_blank"><?php echo esc_html( sp_array_value( $module, 'action', __( 'Learn more', 'sportspress' ) ) ); ?></a>
<?php } ?>
</span>
<?php } ?>
@@ -238,8 +238,8 @@ class SP_Settings_Modules extends SP_Settings_Page {
<tr><td>
<input type="checkbox" name="sportspress_load_<?php echo $id; ?>_module" id="sportspress_load_<?php echo $id; ?>_module" <?php checked( 'yes' == get_option( 'sportspress_load_' . $id . '_module', sp_array_value( $module, 'default', 'yes' ) ) ); ?>>
<label for="sportspress_load_<?php echo $id; ?>_module">
<i class="<?php echo sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ); ?>"></i>
<?php echo sp_array_value( $module, 'label', $id ); ?>
<i class="<?php echo esc_attr( sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ) ); ?>"></i>
<?php echo esc_html( sp_array_value( $module, 'label', $id ) ); ?>
</label>
<?php if ( isset( $module['desc'] ) ) { ?>
<span class="sp-desc"><?php echo wp_kses_post( $module['desc'] ); ?></span>

4
includes/admin/settings/class-sp-settings-page.php
View File

@@ -124,7 +124,7 @@ class SP_Settings_Page {
<li>
<div class="sp-item-bar sp-layout-item-bar">
<div class="sp-item-handle sp-layout-item-handle ui-sortable-handle">
<span class="sp-item-title item-title"><?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?></span>
<span class="sp-item-title item-title"><?php echo esc_html( sp_array_value( $details, 'title', ucfirst( $template ) ) ); ?></span>
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="<?php echo esc_attr( $template ); ?>">
</div>
@@ -181,7 +181,7 @@ class SP_Settings_Page {
<li>
<div class="sp-item-bar sp-layout-item-bar">
<div class="sp-item-handle sp-layout-item-handle ui-sortable-handle">
<span class="sp-item-title item-title"><?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?></span>
<span class="sp-item-title item-title"><?php echo esc_html( sp_array_value( $details, 'title', ucfirst( $template ) ) ); ?></span>
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="<?php echo esc_attr( $template ); ?>">
</div>