Escape outputs
This commit is contained in:
Brian Miyaji
@@ -4,9 +4,9 @@ class SP_Widget_Birthdays extends WP_Widget {
|
||||
function __construct() {
|
||||
$widget_ops = array(
|
||||
'classname' => 'widget_sportspress widget_birthdays widget_sp_birthdays',
|
||||
'description' => __( 'Display players and staff on their birthday.', 'sportspress' ),
|
||||
'description' => esc_attr__( 'Display players and staff on their birthday.', 'sportspress' ),
|
||||
);
|
||||
parent::__construct( 'sportspress-birthdays', __( 'Birthdays', 'sportspress' ), $widget_ops );
|
||||
parent::__construct( 'sportspress-birthdays', esc_attr__( 'Birthdays', 'sportspress' ), $widget_ops );
|
||||
}
|
||||
|
||||
function widget( $args, $instance ) {
|
||||
@@ -16,10 +16,10 @@ class SP_Widget_Birthdays extends WP_Widget {
|
||||
$birthday_format = empty( $instance['birthday_format'] ) ? 'birthday' : strip_tags( $instance['birthday_format'] );
|
||||
|
||||
do_action( 'sportspress_before_widget', $args, $instance, 'birthdays' );
|
||||
echo $before_widget;
|
||||
echo wp_kses_post( $before_widget );
|
||||
|
||||
if ( $title ) {
|
||||
echo $before_title . $title . $after_title;
|
||||
echo wp_kses_post( $before_title . $title . $after_title );
|
||||
}
|
||||
|
||||
// Action to hook into
|
||||
@@ -36,7 +36,7 @@ class SP_Widget_Birthdays extends WP_Widget {
|
||||
// Action to hook into
|
||||
do_action( 'sportspress_after_widget_template', $args, $instance, 'birthdays' );
|
||||
|
||||
echo $after_widget;
|
||||
echo wp_kses_post( $after_widget );
|
||||
do_action( 'sportspress_after_widget', $args, $instance, 'birthdays' );
|
||||
}
|
||||
|
||||
@@ -64,37 +64,37 @@ class SP_Widget_Birthdays extends WP_Widget {
|
||||
$title = strip_tags( $instance['title'] );
|
||||
$date = strip_tags( $instance['date'] );
|
||||
$options = array(
|
||||
'day' => __( 'Today', 'sportspress' ),
|
||||
'week' => __( 'This week', 'sportspress' ),
|
||||
'month' => __( 'This month', 'sportspress' ),
|
||||
'day' => esc_attr__( 'Today', 'sportspress' ),
|
||||
'week' => esc_attr__( 'This week', 'sportspress' ),
|
||||
'month' => esc_attr__( 'This month', 'sportspress' ),
|
||||
);
|
||||
$birthday_format = strip_tags( $instance['birthday_format'] );
|
||||
$birthday_options = array(
|
||||
'hide' => __( 'Hide', 'sportspress' ),
|
||||
'birthday' => __( 'Birthday', 'sportspress' ),
|
||||
'age' => __( 'Age', 'sportspress' ),
|
||||
'birthdayage' => __( 'Birthday (Age)', 'sportspress' ),
|
||||
'hide' => esc_attr__( 'Hide', 'sportspress' ),
|
||||
'birthday' => esc_attr__( 'Birthday', 'sportspress' ),
|
||||
'age' => esc_attr__( 'Age', 'sportspress' ),
|
||||
'birthdayage' => esc_attr__( 'Birthday (Age)', 'sportspress' ),
|
||||
);
|
||||
|
||||
// Action to hook into
|
||||
do_action( 'sportspress_before_widget_template_form', $this, $instance, 'birthdays' );
|
||||
?>
|
||||
<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:', 'sportspress' ); ?></label>
|
||||
<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
|
||||
<p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php esc_attr_e( 'Title:', 'sportspress' ); ?></label>
|
||||
<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
|
||||
|
||||
<p>
|
||||
<label for="<?php echo $this->get_field_id( 'date' ); ?>"><?php _e( 'Birthday:', 'sportspress' ); ?></label>
|
||||
<select name="<?php echo $this->get_field_name( 'date' ); ?>" id="<?php echo $this->get_field_id( 'date' ); ?>" class="postform widefat">
|
||||
<label for="<?php echo esc_attr( $this->get_field_id( 'date' ) ); ?>"><?php esc_attr_e( 'Birthday:', 'sportspress' ); ?></label>
|
||||
<select name="<?php echo esc_attr( $this->get_field_name( 'date' ) ); ?>" id="<?php echo esc_attr( $this->get_field_id( 'date' ) ); ?>" class="postform widefat">
|
||||
<?php foreach ( $options as $value => $label ) { ?>
|
||||
<option value="<?php echo $value; ?>" <?php selected( $value, $date ); ?>><?php echo $label; ?></option>
|
||||
<option value="<?php echo esc_attr( $value ); ?>" <?php selected( $value, $date ); ?>><?php echo esc_attr( $label ); ?></option>
|
||||
<?php } ?>
|
||||
</select>
|
||||
</p>
|
||||
<p>
|
||||
<label for="<?php echo $this->get_field_id( 'birthday_format' ); ?>"><?php _e( 'Format:', 'sportspress' ); ?></label>
|
||||
<select name="<?php echo $this->get_field_name( 'birthday_format' ); ?>" id="<?php echo $this->get_field_id( 'birthday_format' ); ?>" class="postform widefat">
|
||||
<label for="<?php echo esc_attr( $this->get_field_id( 'birthday_format' ) ); ?>"><?php esc_attr_e( 'Format:', 'sportspress' ); ?></label>
|
||||
<select name="<?php echo esc_attr( $this->get_field_name( 'birthday_format' ) ); ?>" id="<?php echo esc_attr( $this->get_field_id( 'birthday_format' ) ); ?>" class="postform widefat">
|
||||
<?php foreach ( $birthday_options as $value => $label ) { ?>
|
||||
<option value="<?php echo $value; ?>" <?php selected( $value, $birthday_format ); ?>><?php echo esc_html( $label ); ?></option>
|
||||
<option value="<?php echo esc_attr( $value ); ?>" <?php selected( $value, $birthday_format ); ?>><?php echo esc_html( $label ); ?></option>
|
||||
<?php } ?>
|
||||
</select>
|
||||
</p>
|
||||
|
||||
Reference in New Issue
Block a user