Escape outputs
@@ -4,9 +4,9 @@ class SP_Widget_Staff extends WP_Widget {
|
||||
function __construct() {
|
||||
$widget_ops = array(
|
||||
'classname' => 'widget_sportspress widget_staff widget_sp_staff',
|
||||
'description' => __( 'Display a single staff member.', 'sportspress' ),
|
||||
'description' => esc_attr__( 'Display a single staff member.', 'sportspress' ),
|
||||
);
|
||||
parent::__construct( 'sportspress-staff', __( 'Staff', 'sportspress' ), $widget_ops );
|
||||
parent::__construct( 'sportspress-staff', esc_attr__( 'Staff', 'sportspress' ), $widget_ops );
|
||||
}
|
||||
|
||||
function widget( $args, $instance ) {
|
||||
@@ -15,16 +15,16 @@ class SP_Widget_Staff extends WP_Widget {
|
||||
$id = empty( $instance['id'] ) ? null : $instance['id'];
|
||||
|
||||
do_action( 'sportspress_before_widget', $args, $instance, 'staff' );
|
||||
echo $before_widget;
|
||||
echo wp_kses_post( $before_widget );
|
||||
|
||||
if ( $title ) {
|
||||
echo $before_title . $title . $after_title;
|
||||
echo wp_kses_post( $before_title . $title . $after_title );
|
||||
}
|
||||
|
||||
// Action to hook into
|
||||
do_action( 'sportspress_before_widget_template', $args, $instance, 'staff' );
|
||||
|
||||
echo '<h4 class="sp-table-caption">' . get_the_title( $id ) . '</h4>';
|
||||
echo '<h4 class="sp-table-caption">' . wp_kses_post( get_the_title( $id ) ) . '</h4>';
|
||||
|
||||
sp_get_template( 'staff-photo.php', array( 'id' => $id ) );
|
||||
sp_get_template( 'staff-details.php', array( 'id' => $id ) );
|
||||
@@ -32,7 +32,7 @@ class SP_Widget_Staff extends WP_Widget {
|
||||
// Action to hook into
|
||||
do_action( 'sportspress_after_widget_template', $args, $instance, 'staff' );
|
||||
|
||||
echo $after_widget;
|
||||
echo wp_kses_post( $after_widget );
|
||||
do_action( 'sportspress_after_widget', $args, $instance, 'staff' );
|
||||
}
|
||||
|
||||
@@ -61,10 +61,10 @@ class SP_Widget_Staff extends WP_Widget {
|
||||
// Action to hook into
|
||||
do_action( 'sportspress_before_widget_template_form', $this, $instance, 'staff' );
|
||||
?>
|
||||
<p><label for="<?php echo $this->get_field_id( 'title' ); ?>"><?php _e( 'Title:', 'sportspress' ); ?></label>
|
||||
<input class="widefat" id="<?php echo $this->get_field_id( 'title' ); ?>" name="<?php echo $this->get_field_name( 'title' ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
|
||||
<p><label for="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>"><?php esc_attr_e( 'Title:', 'sportspress' ); ?></label>
|
||||
<input class="widefat" id="<?php echo esc_attr( $this->get_field_id( 'title' ) ); ?>" name="<?php echo esc_attr( $this->get_field_name( 'title' ) ); ?>" type="text" value="<?php echo esc_attr( $title ); ?>" /></p>
|
||||
|
||||
<p><label for="<?php echo $this->get_field_id( 'id' ); ?>"><?php printf( __( 'Select %s:', 'sportspress' ), __( 'Staff', 'sportspress' ) ); ?></label>
|
||||
<p><label for="<?php echo esc_attr( $this->get_field_id( 'id' ) ); ?>"><?php printf( esc_attr__( 'Select %s:', 'sportspress' ), esc_attr__( 'Staff', 'sportspress' ) ); ?></label>
|
||||
<?php
|
||||
$args = array(
|
||||
'post_type' => 'sp_staff',
|
||||
@@ -75,7 +75,7 @@ class SP_Widget_Staff extends WP_Widget {
|
||||
'class' => 'widefat',
|
||||
);
|
||||
if ( ! sp_dropdown_pages( $args ) ) :
|
||||
sp_post_adder( 'sp_staff', __( 'Add New', 'sportspress' ) );
|
||||
sp_post_adder( 'sp_staff', esc_attr__( 'Add New', 'sportspress' ) );
|
||||
endif;
|
||||
?>
|
||||
</p>
|
||||
|
||||
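Review bot: The label text in the form hunk is escaped for the wrong context: `esc_attr_e( 'Title:', 'sportspress' )` and the `esc_attr__()` calls inside `printf()` produce element content, not attribute values, so `esc_html_e( 'Title:', 'sportspress' )` and `printf( esc_html__( 'Select %s:', 'sportspress' ), esc_html__( 'Staff', 'sportspress' ) )` are the matching calls. The same applies to the constructor hunk and the `sp_post_adder()` call, where `esc_attr__()` escapes strings that are handed to other code and rendered outside these hunks; escaping there is early rather than at output, so the receiving code still has to escape for its own context. In `widget()`, `wp_kses_post()` on `$before_widget` and `$after_widget` removes any wrapper markup that is not on the post allow-list, which is worth checking against the sidebars the supported themes register. The bodies of `widget()` and `form()` start or end outside the visible hunks.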