Escape output vars of Admin Settings pages
@@ -502,7 +502,7 @@ class SP_Settings_Events extends SP_Settings_Page {
|
||||
<?php foreach ( $delimiters as $delimiter ): ?>
|
||||
<label title="<?php echo $delimiter; ?>"><input type="radio" class="preset" name="sportspress_event_teams_delimiter_preset" value="<?php echo $delimiter; ?>" data-example="<?php printf( $example, $delimiter ); ?>" <?php checked( $delimiter, $selection ); ?>> <span><?php printf( $example, $delimiter ); ?></span></label><br>
|
||||
<?php endforeach; ?>
|
||||
<label><input type="radio" class="preset" name="sportspress_event_teams_delimiter_preset" value="\c\u\s\t\o\m" <?php checked( false, in_array( $selection, $delimiters ) ); ?>> <?php _e( 'Custom:', 'sportspress' ); ?> </label><input type="text" class="small-text value" name="sportspress_event_teams_delimiter" value="<?php echo $selection; ?>" data-example-format="<?php printf( $example, '__val__' ); ?>">
|
||||
<label><input type="radio" class="preset" name="sportspress_event_teams_delimiter_preset" value="\c\u\s\t\o\m" <?php checked( false, in_array( $selection, $delimiters ) ); ?>> <?php _e( 'Custom:', 'sportspress' ); ?> </label><input type="text" class="small-text value" name="sportspress_event_teams_delimiter" value="<?php echo esc_attr( $selection ); ?>" data-example-format="<?php printf( $example, '__val__' ); ?>">
|
||||
<span class="example"><?php printf( $example, $selection ); ?></span>
|
||||
</fieldset>
|
||||
</td>
|
||||
|
||||
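Review bot: The preset radio line inside the `foreach` still echoes `$delimiter` raw into the `title` and `value` attributes and prints `printf( $example, $delimiter )` into `data-example`, and the `<span class="example">` line still prints `printf( $example, $selection )` unescaped, so only one sink for these values is covered. Where `$selection` and `$delimiters` are assigned is outside the hunk; if the custom delimiter is a stored option, the span remains an HTML-injection sink for the same value the commit escapes in the text input. I would use `echo esc_attr( $delimiter );` in the attributes, `echo esc_attr( sprintf( $example, $delimiter ) );` for `data-example`, and `echo esc_html( sprintf( $example, $selection ) );` in the span.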
@@ -356,13 +356,13 @@ class SP_Settings_General extends SP_Settings_Page {
|
||||
<fieldset>
|
||||
<?php foreach ( $color_schemes as $name => $colors ) { ?>
|
||||
<div class="color-option sp-color-option">
|
||||
<label data-sp-colors="<?php echo implode( ',', $colors ); ?>"><?php echo $name; ?></label>
|
||||
<label data-sp-colors="<?php echo implode( ',', $colors ); ?>"><?php echo esc_attr( $name ); ?></label>
|
||||
<table class="color-palette">
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="background-color: #<?php echo $colors[0]; ?>"> </td>
|
||||
<td style="background-color: #<?php echo $colors[0]; ?>"> </td>
|
||||
<td style="background-color: #<?php echo $colors[4]; ?>"> </td>
|
||||
<td style="background-color: #<?php echo esc_attr( $colors[0] ); ?>"> </td>
|
||||
<td style="background-color: #<?php echo esc_attr( $colors[0] ); ?>"> </td>
|
||||
<td style="background-color: #<?php echo esc_attr( $colors[4] ); ?>"> </td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
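Review bot: `data-sp-colors="<?php echo implode( ',', $colors ); ?>"` on the new label line is still written unescaped, although the same `$colors` entries are escaped in the `<td style>` cells below it; use `echo esc_attr( implode( ',', $colors ) );`. The label text is element content rather than an attribute value, so `esc_html( $name )` states the output context correctly. Because the colour values land inside a `style` attribute, validating each one as a hex colour where `$color_schemes` is built (for example with `sanitize_hex_color_no_hash()`) would be stricter than attribute-escaping alone; that code is outside the hunk.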
@@ -62,7 +62,7 @@ class SP_Settings_Licenses extends SP_Settings_Page {
|
||||
$status = get_site_option( 'sportspress_' . $id . '_license_status', false );
|
||||
?>
|
||||
<div class="sp-settings-section sp-settings-section-license_options">
|
||||
<h3><?php echo $license['name']; ?></h3>
|
||||
<h3><?php echo esc_attr( $license['name'] ); ?></h3>
|
||||
<table class="form-table sp-licenses-table">
|
||||
<tbody>
|
||||
<tr>
|
||||
@@ -77,13 +77,13 @@ class SP_Settings_Licenses extends SP_Settings_Page {
|
||||
<td>
|
||||
<?php if ( false !== $status && 'valid' == $status ) { ?>
|
||||
<p>
|
||||
<input type="text" name="sp_license_key_<?php echo $id; ?>" size="40" value="<?php esc_attr_e( $key ); ?>" readonly="readonly">
|
||||
<input name="sp_license_deactivate_<?php echo $id; ?>" class="button button-secondary button-small" type="submit" value="<?php esc_attr_e( 'Deactivate', 'sportspress' ); ?>" />
|
||||
<input type="text" name="sp_license_key_<?php echo esc_attr( $id ); ?>" size="40" value="<?php esc_attr_e( $key ); ?>" readonly="readonly">
|
||||
<input name="sp_license_deactivate_<?php echo esc_attr( $id ); ?>" class="button button-secondary button-small" type="submit" value="<?php esc_attr_e( 'Deactivate', 'sportspress' ); ?>" />
|
||||
</p>
|
||||
<?php } else { ?>
|
||||
<p>
|
||||
<input type="text" name="sp_license_key_<?php echo $id; ?>" size="40">
|
||||
<input name="sp_license_activate_<?php echo $id; ?>" class="button button-primary button-small" type="submit" value="<?php esc_attr_e( 'Activate', 'sportspress' ); ?>" />
|
||||
<input type="text" name="sp_license_key_<?php echo esc_attr( $id ); ?>" size="40">
|
||||
<input name="sp_license_activate_<?php echo esc_attr( $id ); ?>" class="button button-primary button-small" type="submit" value="<?php esc_attr_e( 'Activate', 'sportspress' ); ?>" />
|
||||
</p>
|
||||
<?php } ?>
|
||||
</td>
|
||||
|
||||
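Review bot: `value="<?php esc_attr_e( $key ); ?>"` on the read-only license input passes the license key to a translation function, since `esc_attr_e()` runs its argument through gettext before escaping and echoing it. The output is escaped, but a dynamic secret should not be used as a translation lookup key; `echo esc_attr( $key );` is the call intended here. The `<h3>` in the first hunk is text content, so `esc_html( $license['name'] )` fits better than `esc_attr()`. `$id` and `$key` are assigned outside both hunks.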
@@ -104,7 +104,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr><td>
|
||||
<img src="<?php echo $theme->get_screenshot(); ?>" class="sp-theme-screenshot">
|
||||
<img src="<?php echo esc_url( $theme->get_screenshot() ); ?>" class="sp-theme-screenshot">
|
||||
<p><?php _e( 'Rookie is a free starter theme for SportsPress designed by ThemeBoy.', 'sportspress' ); ?></p>
|
||||
<p class="sp-module-actions">
|
||||
<span><?php _e( 'Need a better theme?', 'sportspress' ); ?></span>
|
||||
@@ -193,10 +193,10 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
<tbody>
|
||||
<tr><td>
|
||||
<?php foreach ( $categories as $slug => $category ) { ?>
|
||||
<p><strong><i class="<?php echo $category['icon']; ?>"></i> <?php echo $category['label']; ?></strong></p>
|
||||
<ul class="sp-<?php echo $slug; ?>-links">
|
||||
<p><strong><i class="<?php echo esc_attr( $category['icon'] ); ?>"></i> <?php echo esc_attr( $category['label'] ); ?></strong></p>
|
||||
<ul class="sp-<?php echo esc_attr( $slug ); ?>-links">
|
||||
<?php foreach ( $category['links'] as $url => $text ) { ?>
|
||||
<li><a href="<?php echo $url; ?>" target="_blank"><?php echo $text; ?></a></li>
|
||||
<li><a href="<?php echo esc_url( $url ); ?>" target="_blank"><?php echo wp_kses_post( $text ); ?></a></li>
|
||||
<?php } ?>
|
||||
</ul>
|
||||
<?php } ?>
|
||||
@@ -227,7 +227,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
</span>
|
||||
<?php if ( isset( $module['desc'] ) ) { ?>
|
||||
<span class="sp-desc">
|
||||
<?php echo $module['desc']; ?>
|
||||
<?php echo wp_kses_post( $module['desc'] ); ?>
|
||||
<?php if ( array_key_exists( 'link', $module ) ) { ?>
|
||||
<a href="<?php echo apply_filters( 'sportspress_pro_url', $module['link'] ); ?>" target="_blank"><?php echo sp_array_value( $module, 'action', __( 'Learn more', 'sportspress' ) ); ?></a>
|
||||
<?php } ?>
|
||||
@@ -242,7 +242,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
<?php echo sp_array_value( $module, 'label', $id ); ?>
|
||||
</label>
|
||||
<?php if ( isset( $module['desc'] ) ) { ?>
|
||||
<span class="sp-desc"><?php echo $module['desc']; ?></span>
|
||||
<span class="sp-desc"><?php echo wp_kses_post( $module['desc'] ); ?></span>
|
||||
<?php } ?>
|
||||
</td></tr>
|
||||
<?php } ?>
|
||||
|
||||
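Review bot: The module link inside the `sp-desc` span (hunk -227) still echoes `apply_filters( 'sportspress_pro_url', $module['link'] )` straight into `href`, and the link text from `sp_array_value( $module, 'action', ... )` and the label from `sp_array_value( $module, 'label', $id )` in the last hunk are also printed raw. A filter callback can return any string, so the filtered value should be escaped at the point of output: `echo esc_url( apply_filters( 'sportspress_pro_url', $module['link'] ) );`, with `esc_html( sp_array_value( ... ) )` for the two text values. In the category list, `$category['label']` is element content, so `esc_html()` is the matching function there.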
@@ -125,12 +125,12 @@ class SP_Settings_Page {
|
||||
<div class="sp-item-bar sp-layout-item-bar">
|
||||
<div class="sp-item-handle sp-layout-item-handle ui-sortable-handle">
|
||||
<span class="sp-item-title item-title"><?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?></span>
|
||||
<input type="hidden" name="sportspress_<?php echo $this->template; ?>_template_order[]" value="<?php echo $template; ?>">
|
||||
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="<?php echo esc_attr( $template ); ?>">
|
||||
</div>
|
||||
|
||||
<input type="hidden" name="sportspress_template_visibility[<?php echo $option; ?>]" value="0">
|
||||
<input class="sp-toggle-switch" type="checkbox" name="sportspress_template_visibility[<?php echo $option; ?>]" id="<?php echo $option; ?>" value="1" <?php checked( $visibility, 'yes' ); ?>>
|
||||
<label for="sportspress_<?php echo $this->template; ?>_show_<?php echo $template; ?>"></label>
|
||||
<input type="hidden" name="sportspress_template_visibility[<?php echo esc_attr( $option ); ?>]" value="0">
|
||||
<input class="sp-toggle-switch" type="checkbox" name="sportspress_template_visibility[<?php echo esc_attr( $option ); ?>]" id="<?php echo esc_attr( $option ); ?>" value="1" <?php checked( $visibility, 'yes' ); ?>>
|
||||
<label for="sportspress_<?php echo esc_attr( $this->template ); ?>_show_<?php echo esc_attr( $template ); ?>"></label>
|
||||
</div>
|
||||
</li>
|
||||
<?php } ?>
|
||||
@@ -170,7 +170,7 @@ class SP_Settings_Page {
|
||||
</th>
|
||||
<td class="sp-sortable-list-container">
|
||||
<p class="description"><?php _e( 'Drag items here to display them as tabs.', 'sportspress' ); ?></p>
|
||||
<input type="hidden" name="sportspress_<?php echo $this->template; ?>_template_order[]" value="tabs">
|
||||
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="tabs">
|
||||
|
||||
<ul class="sp-layout sp-sortable-list sp-connected-list ui-sortable">
|
||||
<?php foreach ( $templates as $template => $details ) {
|
||||
@@ -182,12 +182,12 @@ class SP_Settings_Page {
|
||||
<div class="sp-item-bar sp-layout-item-bar">
|
||||
<div class="sp-item-handle sp-layout-item-handle ui-sortable-handle">
|
||||
<span class="sp-item-title item-title"><?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?></span>
|
||||
<input type="hidden" name="sportspress_<?php echo $this->template; ?>_template_order[]" value="<?php echo $template; ?>">
|
||||
<input type="hidden" name="sportspress_<?php echo esc_attr( $this->template ); ?>_template_order[]" value="<?php echo esc_attr( $template ); ?>">
|
||||
</div>
|
||||
|
||||
<input type="hidden" name="sportspress_template_visibility[<?php echo $option; ?>]" value="0">
|
||||
<input class="sp-toggle-switch" type="checkbox" name="sportspress_template_visibility[<?php echo $option; ?>]" id="<?php echo $option; ?>" value="1" <?php checked( $visibility, 'yes' ); ?>>
|
||||
<label for="sportspress_<?php echo $this->template; ?>_show_<?php echo $template; ?>"></label>
|
||||
<input type="hidden" name="sportspress_template_visibility[<?php echo esc_attr( $option ); ?>]" value="0">
|
||||
<input class="sp-toggle-switch" type="checkbox" name="sportspress_template_visibility[<?php echo esc_attr( $option ); ?>]" id="<?php echo esc_attr( $option ); ?>" value="1" <?php checked( $visibility, 'yes' ); ?>>
|
||||
<label for="sportspress_<?php echo esc_attr( $this->template ); ?>_show_<?php echo esc_attr( $template ); ?>"></label>
|
||||
</div>
|
||||
</li>
|
||||
<?php } ?>
|
||||
|
||||
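Review bot: The item title `<?php echo sp_array_value( $details, 'title', ucfirst( $template ) ); ?>` in the `sp-item-title` span is still unescaped in both list hunks (-125 and -182), while the same `$template` key is escaped in the hidden input directly below it. Wrapping it as `echo esc_html( sp_array_value( $details, 'title', ucfirst( $template ) ) );` closes the remaining sink in these rows. How `$templates` is populated is not visible here; if entries can be registered by other plugins, the title is as untrusted as the keys the commit already escapes. Both loop bodies start and end outside the hunks.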
@@ -390,7 +390,7 @@ class SP_Settings_Status extends SP_Settings_Page {
|
||||
<td>
|
||||
<?php
|
||||
$object = get_post_type_object( $post_type );
|
||||
echo $object->labels->name;
|
||||
echo esc_attr( $object->labels->name );
|
||||
?>:
|
||||
</td>
|
||||
<td>
|
||||
@@ -442,13 +442,13 @@ class SP_Settings_Status extends SP_Settings_Page {
|
||||
<tr>
|
||||
<td><?php _e( 'Theme Name', 'sportspress' ); ?>:</td>
|
||||
<td><?php
|
||||
echo $active_theme->Name;
|
||||
echo esc_attr( $active_theme->Name );
|
||||
?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><?php _e( 'Theme Version', 'sportspress' ); ?>:</td>
|
||||
<td><?php
|
||||
echo $active_theme->Version;
|
||||
echo esc_attr( $active_theme->Version );
|
||||
|
||||
if ( ! empty( $theme_version_data['version'] ) && version_compare( $theme_version_data['version'], $active_theme->Version, '!=' ) )
|
||||
echo ' – <strong style="color:red;">' . $theme_version_data['version'] . ' ' . __( 'is available', 'sportspress' ) . '</strong>';
|
||||
@@ -457,7 +457,7 @@ class SP_Settings_Status extends SP_Settings_Page {
|
||||
<tr>
|
||||
<td><?php _e( 'Author URL', 'sportspress' ); ?>:</td>
|
||||
<td><?php
|
||||
echo $active_theme->{'Author URI'};
|
||||
echo esc_url( $active_theme->{'Author URI'} );
|
||||
?></td>
|
||||
</tr>
|
||||
</tbody>
|
||||
|
||||
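Review bot: The update notice under the escaped `Version` line (hunk -442) still concatenates `$theme_version_data['version']` into the `<strong>` markup unescaped. Where that array is filled is not visible in the hunk; if it comes from a remote version check, it is the least trusted value in this table. I would change the echo to use `esc_html( $theme_version_data['version'] )` and `esc_html__( 'is available', 'sportspress' )`. The three new `esc_attr()` calls in this file print into table-cell text, so `esc_html()` names the context correctly.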