Escape outputs

Brian Miyaji
2021-11-13 20:42:08 +09:00
parent 051d3e3055
commit 23ba2446b1
190 changed files with 2837 additions and 2837 deletions


@@ -108,7 +108,7 @@ foreach ( $posts as $post ) {
$age = $sp_birthdays->get_age( get_the_date( 'm-d-Y', $post->ID ) );
$heading = '<h4 class="sp-table-caption">' . $birthday . ' (' . $age . ')</h4>';
}
echo $heading;
echo wp_kses_post( $heading );
echo '<div class="gallery">';


@@ -114,7 +114,7 @@ if ( ! isset( $post ) || ! $post ) {
}
if ( $title ) {
echo '<h4 class="sp-table-caption">' . $title . '</h4>';
echo '<h4 class="sp-table-caption">' . wp_kses_post( $title ) . '</h4>';
}
$title = $post->post_title;
@@ -130,10 +130,10 @@ if ( isset( $show_status ) && $show_status ) {
$statuses = apply_filters(
'sportspress_event_statuses',
array(
'ok' => __( 'On time', 'sportspress' ),
'tbd' => __( 'TBD', 'sportspress' ),
'postponed' => __( 'Postponed', 'sportspress' ),
'cancelled' => __( 'Canceled', 'sportspress' ),
'ok' => esc_attr__( 'On time', 'sportspress' ),
'tbd' => esc_attr__( 'TBD', 'sportspress' ),
'postponed' => esc_attr__( 'Postponed', 'sportspress' ),
'cancelled' => esc_attr__( 'Canceled', 'sportspress' ),
)
);
$title = $title . ' (' . $statuses[ $sp_status ] . ')';
@@ -160,7 +160,7 @@ if ( isset( $show_status ) && $show_status ) {
$i++;
if ( has_post_thumbnail( $team ) ) {
if ( $link_teams ) {
echo '<a class="team-logo logo-' . ( $i % 2 ? 'odd' : 'even' ) . '" href="' . get_post_permalink( $team ) . '" title="' . get_the_title( $team ) . '">' . get_the_post_thumbnail( $team, 'sportspress-fit-icon' ) . '</a>';
echo '<a class="team-logo logo-' . ( $i % 2 ? 'odd' : 'even' ) . '" href="' . esc_url( get_post_permalink( $team ) ) . '" title="' . esc_attr( get_the_title( $team ) ) . '">' . get_the_post_thumbnail( $team, 'sportspress-fit-icon' ) . '</a>';
} else {
echo get_the_post_thumbnail( $team, 'sportspress-fit-icon', array( 'class' => 'team-logo logo-' . ( $i % 2 ? 'odd' : 'even' ) ) );
}
@@ -169,14 +169,14 @@ if ( isset( $show_status ) && $show_status ) {
}
}
?>
<?php echo $title; ?>
<?php echo wp_kses_post( $title ); ?>
</h3>
<?php
if ( isset( $show_date ) && $show_date ) :
?>
<h5 class="event-venue sp-event-venue event-date sp-event-date">
<?php
echo get_the_time( get_option( 'date_format' ), $post );
echo wp_kses_post( get_the_time( get_option( 'date_format' ), $post ) );
?>
</h5>
<?php
@@ -195,7 +195,7 @@ if ( isset( $show_status ) && $show_status ) {
foreach ( $venues as $venue ) {
$venue_names[] = $venue->name;
}
echo implode( '/', $venue_names );
echo wp_kses_post( implode( '/', $venue_names ) );
}
?>
</h5>
@@ -209,7 +209,7 @@ if ( isset( $show_status ) && $show_status ) {
foreach ( $leagues as $league ) :
$term = get_term( $league->term_id, 'sp_league' );
?>
<h5 class="event-league sp-event-league"><?php echo $term->name; ?></h5>
<h5 class="event-league sp-event-league"><?php echo wp_kses_post( $term->name ); ?></h5>
<?php
endforeach;
endif;
@@ -229,15 +229,15 @@ if ( isset( $show_status ) && $show_status ) {
if ( $days >= 10 ) :
?>
long-countdown<?php endif; ?>">
<time datetime="<?php echo $post->post_date; ?>"
<time datetime="<?php echo esc_attr( $post->post_date ); ?>"
<?php
if ( $live ) :
?>
data-countdown="<?php echo str_replace( '-', '/', get_gmt_from_date( $post->post_date ) ); ?>"<?php endif; ?>>
<span><?php echo sprintf( '%02s', $days ); ?> <small><?php _e( 'days', 'sportspress' ); ?></small></span>
<span><?php echo sprintf( '%02s', $h ); ?> <small><?php _e( 'hrs', 'sportspress' ); ?></small></span>
<span><?php echo sprintf( '%02s', $i ); ?> <small><?php _e( 'mins', 'sportspress' ); ?></small></span>
<span><?php echo sprintf( '%02s', $s ); ?> <small><?php _e( 'secs', 'sportspress' ); ?></small></span>
data-countdown="<?php echo esc_attr( str_replace( '-', '/', get_gmt_from_date( $post->post_date ) ) ); ?>"<?php endif; ?>>
<span><?php echo wp_kses_post( sprintf( '%02s', $days ) ); ?> <small><?php esc_attr_e( 'days', 'sportspress' ); ?></small></span>
<span><?php echo wp_kses_post( sprintf( '%02s', $h ) ); ?> <small><?php esc_attr_e( 'hrs', 'sportspress' ); ?></small></span>
<span><?php echo wp_kses_post( sprintf( '%02s', $i ) ); ?> <small><?php esc_attr_e( 'mins', 'sportspress' ); ?></small></span>
<span><?php echo wp_kses_post( sprintf( '%02s', $s ) ); ?> <small><?php esc_attr_e( 'secs', 'sportspress' ); ?></small></span>
</time>
</p>
</div>
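Review bot: The default status labels are escaped with `esc_attr__()` inside the array passed to `apply_filters( 'sportspress_event_statuses', … )`, so any label a filter callback adds or replaces reaches `$title` unescaped and is covered only by the later `wp_kses_post( $title )`. Escaping is more dependable at the point of use: keep `'ok' => __( 'On time', 'sportspress' ),` in the defaults and escape the selected label where it is concatenated, `$title = $title . ' (' . esc_html( $statuses[ $sp_status ] ) . ')';`. The label ends up in element text, so `esc_html` matches the context better than `esc_attr`. The enclosing `if ( isset( $show_status ) && $show_status )` block starts and ends outside the hunk.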


@@ -135,7 +135,7 @@ if ( $show_title && false === $title && $id ) :
endif;
if ( $title ) {
echo '<h4 class="sp-table-caption">' . $title . '</h4>';
echo '<h4 class="sp-table-caption">' . wp_kses_post( $title ) . '</h4>';
}
?>
<div class="sp-template sp-template-event-blocks">
@@ -144,7 +144,7 @@ if ( $title ) {
<?php
if ( $paginated ) {
?>
sp-paginated-table<?php } ?>" data-sp-rows="<?php echo $rows; ?>">
sp-paginated-table<?php } ?>" data-sp-rows="<?php echo esc_attr( $rows ); ?>">
<thead><tr><th></th></tr></thead> <?php // Required for DataTables ?>
<tbody>
<?php
@@ -198,15 +198,15 @@ if ( $title ) {
$event_group = get_post_meta( $event->ID, 'sp_day', true );
if ( ! isset( $group ) || $event_group !== $group ) :
$group = $event_group;
echo '<tr><th><strong class="sp-event-group-name">', __( 'Match Day', 'sportspress' ), ' ', $group, '</strong></th></tr>';
echo '<tr><th><strong class="sp-event-group-name">', esc_attr__( 'Match Day', 'sportspress' ), ' ', wp_kses_post( $group ), '</strong></th></tr>';
endif;
endif;
?>
<tr class="sp-row sp-post<?php echo ( $i % 2 == 0 ? ' alternate' : '' ); ?>" itemscope itemtype="http://schema.org/SportsEvent">
<td>
<?php do_action( 'sportspress_event_blocks_before', $event, $usecolumns ); ?>
<?php echo implode( ' ', $logos ); ?>
<time class="sp-event-date" datetime="<?php echo $event->post_date; ?>" itemprop="startDate" content="<?php echo mysql2date( 'Y-m-d\TH:iP', $event->post_date ); ?>">
<?php echo wp_kses_post( implode( ' ', $logos ) ); ?>
<time class="sp-event-date" datetime="<?php echo esc_attr( $event->post_date ); ?>" itemprop="startDate" content="<?php echo esc_attr( mysql2date( 'Y-m-d\TH:iP', $event->post_date ) ); ?>">
<?php echo wp_kses_post( sp_add_link( get_the_time( get_option( 'date_format' ), $event ), $permalink, $link_events ) ); ?>
</time>
<?php
@@ -227,7 +227,7 @@ endif;
if ( $leagues ) :
$league = array_shift( $leagues );
?>
<div class="sp-event-league"><?php echo $league->name; ?></div>
<div class="sp-event-league"><?php echo wp_kses_post( $league->name ); ?></div>
<?php
endif;
endif;
@@ -238,7 +238,7 @@ endif;
if ( $seasons ) :
$season = array_shift( $seasons );
?>
<div class="sp-event-season"><?php echo $season->name; ?></div>
<div class="sp-event-season"><?php echo wp_kses_post( $season->name ); ?></div>
<?php
endif;
endif;
@@ -249,13 +249,13 @@ endif;
if ( $venues ) :
$venue = array_shift( $venues );
?>
<div class="sp-event-venue" itemprop="location" itemscope itemtype="http://schema.org/Place"><div itemprop="address" itemscope itemtype="http://schema.org/PostalAddress"><?php echo $venue->name; ?></div></div>
<div class="sp-event-venue" itemprop="location" itemscope itemtype="http://schema.org/Place"><div itemprop="address" itemscope itemtype="http://schema.org/PostalAddress"><?php echo wp_kses_post( $venue->name ); ?></div></div>
<?php
endif;
endif;
?>
<?php if ( ! $show_venue || ! $venues ) : ?>
<div style="display:none;" class="sp-event-venue" itemprop="location" itemscope itemtype="http://schema.org/Place"><div itemprop="address" itemscope itemtype="http://schema.org/PostalAddress"><?php _e( 'N/A', 'sportspress' ); ?></div></div>
<div style="display:none;" class="sp-event-venue" itemprop="location" itemscope itemtype="http://schema.org/Place"><div itemprop="address" itemscope itemtype="http://schema.org/PostalAddress"><?php esc_attr_e( 'N/A', 'sportspress' ); ?></div></div>
<?php endif; ?>
<h4 class="sp-event-title" itemprop="name">
<?php echo wp_kses_post( sp_add_link( $event->post_title, $permalink, $link_events ) ); ?>
@@ -273,7 +273,7 @@ endif;
</div>
<?php
if ( $id && $show_all_events_link ) {
echo '<div class="sp-calendar-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . __( 'View all events', 'sportspress' ) . '</a></div>';
echo '<div class="sp-calendar-link sp-view-all-link"><a href="' . esc_url( get_permalink( $id ) ) . '">' . esc_attr__( 'View all events', 'sportspress' ) . '</a></div>';
}
?>
</div>
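Review bot: `wp_kses_post()` is applied here to values that look like plain text, namely `$group` (the `sp_day` post meta) in the match-day row and the `$league->name`, `$season->name` and `$venue->name` term names, and it lets through every tag permitted in post content, including links and images. For text nodes `esc_html()` is the stricter fit, e.g. `<?php echo esc_html( $league->name ); ?>` and `esc_html( $group )`. The same pattern appears in the countdown template in this commit (`$term->name`, the joined venue names and the zero-padded counters).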


@@ -279,7 +279,7 @@ for ( $day = 1; $day <= $daysinmonth; ++$day ) {
$calendar_output .= '<td' . $td_properties . '>';
if ( $day_has_posts ) { // any posts today?
$calendar_output .= '<a data-tooltip data-options="disable_for_touch:true" class="has-tip" href="' . ( sizeof( $daywithpost[ $day ] ) > 1 ? add_query_arg( array( 'post_type' => 'sp_event' ), get_day_link( $thisyear, $thismonth, $day ) ) . '" title="' . sprintf( __( '%s events', 'sportspress' ), ( sizeof( $daywithpost[ $day ] ) ) ) : get_post_permalink( $daywithpost[ $day ][0], false, true ) . '" title="' . esc_attr( $ak_titles_for_day[ $day ] ) ) . "\" itemprop=\"url\">$day</a>";
$calendar_output .= '<a data-tooltip data-options="disable_for_touch:true" class="has-tip" href="' . ( sizeof( $daywithpost[ $day ] ) > 1 ? add_query_arg( array( 'post_type' => 'sp_event' ), get_day_link( $thisyear, $thismonth, $day ) ) . '" title="' . sprintf( esc_attr__( '%s events', 'sportspress' ), ( sizeof( $daywithpost[ $day ] ) ) ) : get_post_permalink( $daywithpost[ $day ][0], false, true ) . '" title="' . esc_attr( $ak_titles_for_day[ $day ] ) ) . "\" itemprop=\"url\">$day</a>";
} else {
$calendar_output .= $day;
}
@@ -298,9 +298,9 @@ if ( $pad != 0 && $pad != 7 ) {
$calendar_output .= "\n\t</tr>\n\t</tbody>\n\t</table>\n\t</div>";
if ( $id && $show_all_events_link ) {
$calendar_output .= '<div class="sp-calendar-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . __( 'View all events', 'sportspress' ) . '</a></div>';
$calendar_output .= '<div class="sp-calendar-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . esc_attr__( 'View all events', 'sportspress' ) . '</a></div>';
}
?>
<div class="sp-template sp-template-event-calendar">
<?php echo $calendar_output; ?>
<?php echo wp_kses_post( $calendar_output ); ?>
</div>
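Review bot: The "View all events" link still concatenates `get_permalink( $id )` into `href` without `esc_url()`, unlike the same line in the event-blocks and event-list templates in this commit. The day link in the first hunk, built from `add_query_arg( … )` and `get_post_permalink( … )`, is likewise unescaped. Both now depend solely on the final `wp_kses_post( $calendar_output )`. I would escape where the URL is inserted, `'<a href="' . esc_url( get_permalink( $id ) ) . '">'`, and wrap both URL operands of the ternary in `esc_url()` as well.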


@@ -24,12 +24,12 @@ $data = array();
if ( 'yes' === get_option( 'sportspress_event_show_date', 'yes' ) ) {
$date = get_the_time( get_option( 'date_format' ), $id );
$data[ __( 'Date', 'sportspress' ) ] = $date;
$data[ esc_attr__( 'Date', 'sportspress' ) ] = $date;
}
if ( 'yes' === get_option( 'sportspress_event_show_time', 'yes' ) ) {
$time = get_the_time( get_option( 'time_format' ), $id );
$data[ __( 'Time', 'sportspress' ) ] = apply_filters( 'sportspress_event_time', $time, $id );
$data[ esc_attr__( 'Time', 'sportspress' ) ] = apply_filters( 'sportspress_event_time', $time, $id );
}
$taxonomies = apply_filters(
@@ -52,7 +52,7 @@ endforeach;
if ( 'yes' === get_option( 'sportspress_event_show_day', 'yes' ) ) {
$day = get_post_meta( $id, 'sp_day', true );
if ( '' !== $day ) {
$data[ __( 'Match Day', 'sportspress' ) ] = $day;
$data[ esc_attr__( 'Match Day', 'sportspress' ) ] = $day;
}
}
@@ -61,7 +61,7 @@ if ( 'yes' === get_option( 'sportspress_event_show_full_time', 'yes' ) ) {
if ( '' === $full_time ) {
$full_time = get_option( 'sportspress_event_minutes', 90 );
}
$data[ __( 'Full Time', 'sportspress' ) ] = $full_time . '\'';
$data[ esc_attr__( 'Full Time', 'sportspress' ) ] = $full_time . '\'';
}
$data = apply_filters( 'sportspress_event_details', $data, $id );
@@ -71,7 +71,7 @@ if ( ! sizeof( $data ) ) {
}
?>
<div class="sp-template sp-template-event-details">
<h4 class="sp-table-caption"><?php _e( 'Details', 'sportspress' ); ?></h4>
<h4 class="sp-table-caption"><?php esc_attr_e( 'Details', 'sportspress' ); ?></h4>
<div class="sp-table-wrapper">
<table class="sp-event-details sp-data-table
<?php
@@ -81,7 +81,7 @@ if ( ! sizeof( $data ) ) {
<thead>
<tr>
<?php $i = 0; foreach ( $data as $label => $value ) : ?>
<th><?php echo $label; ?></th>
<th><?php echo wp_kses_post( $label ); ?></th>
<?php
$i++;
endforeach;
@@ -91,7 +91,7 @@ endforeach;
<tbody>
<tr class="odd">
<?php $i = 0; foreach ( $data as $value ) : ?>
<td><?php echo $value; ?></td>
<td><?php echo wp_kses_post( $value ); ?></td>
<?php
$i++;
endforeach;
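Review bot: Using `esc_attr__()` for the `$data` array keys changes the keys themselves whenever a translation contains a quote, ampersand or angle bracket, so a callback on `sportspress_event_details` that looks up `$data[ __( 'Date', 'sportspress' ) ]` may no longer find the entry. It also leaves labels and values added by that filter unescaped until the table is printed. Keeping `$data[ __( 'Date', 'sportspress' ) ] = $date;` and escaping only at output, `<th><?php echo esc_html( $label ); ?></th>`, avoids both problems. `wp_kses_post( $value )` remains reasonable if values are expected to carry markup.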


@@ -57,7 +57,7 @@ if ( $player ) {
$args = array(
'id' => $id,
'title' => __( 'Fixtures', 'sportspress' ),
'title' => esc_attr__( 'Fixtures', 'sportspress' ),
'status' => 'future',
'date' => $date,
'date_from' => $date_from,
@@ -86,7 +86,7 @@ ob_start();
sp_get_template( 'event-blocks.php', $args );
$fixtures = ob_get_clean();
$args['title'] = __( 'Results', 'sportspress' );
$args['title'] = esc_attr__( 'Results', 'sportspress' );
$args['status'] = 'publish';
$args['order'] = 'DESC';
@@ -96,17 +96,17 @@ $results = ob_get_clean();
if ( false == $fixtures || false == $results ) {
echo $fixtures;
echo $results;
echo wp_kses_post( $fixtures );
echo wp_kses_post( $results );
} else {
echo '<div class="sp-widget-align-left">';
echo $fixtures;
echo wp_kses_post( $fixtures );
echo '</div>';
echo '<div class="sp-widget-align-right">';
echo $results;
echo wp_kses_post( $results );
echo '</div>';
}
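Review bot: `$fixtures` and `$results` are the buffered output of `event-blocks.php`, which this commit already escapes value by value, so passing the whole buffer through `wp_kses_post()` is a second, lossy pass rather than new protection. As far as I know the default post allow-list does not cover microdata attributes such as `itemscope`, `itemtype` or `itemprop`, which that template emits, and anything printed by the `sportspress_event_blocks_before` action is filtered too, so the rendered markup should be compared before and after. If a whole-buffer pass is wanted as defence in depth, `wp_kses()` with an explicit allow-list that includes those attributes would keep the markup intact. A short comment such as `// Values are escaped inside event-blocks.php.` above the echoes would document where the escaping happens.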


@@ -127,10 +127,10 @@ $identifier = uniqid( 'eventlist_' );
?>
<div class="sp-template sp-template-event-list">
<?php if ( $title ) { ?>
<h4 class="sp-table-caption"><?php echo $title; ?></h4>
<h4 class="sp-table-caption"><?php echo wp_kses_post( $title ); ?></h4>
<?php } ?>
<div class="sp-table-wrapper">
<table class="sp-event-list sp-event-list-format-<?php echo $title_format; ?> sp-data-table
<table class="sp-event-list sp-event-list-format-<?php echo esc_attr( $title_format ); ?> sp-data-table
<?php
if ( $paginated ) {
?>
@@ -141,90 +141,90 @@ $identifier = uniqid( 'eventlist_' );
sp-sortable-table
<?php
} if ( $responsive ) {
echo ' sp-responsive-table ' . $identifier; } if ( $scrollable ) {
echo ' sp-responsive-table ' . esc_attr( $identifier ); } if ( $scrollable ) {
?>
sp-scrollable-table <?php } ?>" data-sp-rows="<?php echo $rows; ?>">
sp-scrollable-table <?php } ?>" data-sp-rows="<?php echo esc_attr( $rows ); ?>">
<thead>
<tr>
<?php
echo '<th class="data-date">' . __( 'Date', 'sportspress' ) . '</th>';
echo '<th class="data-date">' . esc_attr__( 'Date', 'sportspress' ) . '</th>';
switch ( $title_format ) {
case 'homeaway':
if ( sp_column_active( $usecolumns, 'event' ) ) {
echo '<th class="data-home">' . __( 'Home', 'sportspress' ) . '</th>';
echo '<th class="data-home">' . esc_attr__( 'Home', 'sportspress' ) . '</th>';
}
if ( 'combined' == $time_format && sp_column_active( $usecolumns, 'time' ) ) {
echo '<th class="data-time">' . __( 'Time/Results', 'sportspress' ) . '</th>';
$labels[] = __( 'Time/Results', 'sportspress' );
echo '<th class="data-time">' . esc_attr__( 'Time/Results', 'sportspress' ) . '</th>';
$labels[] = esc_attr__( 'Time/Results', 'sportspress' );
} elseif ( in_array( $time_format, array( 'separate', 'results' ) ) && sp_column_active( $usecolumns, 'results' ) ) {
echo '<th class="data-results">' . __( 'Results', 'sportspress' ) . '</th>';
echo '<th class="data-results">' . esc_attr__( 'Results', 'sportspress' ) . '</th>';
}
if ( sp_column_active( $usecolumns, 'event' ) ) {
echo '<th class="data-away">' . __( 'Away', 'sportspress' ) . '</th>';
echo '<th class="data-away">' . esc_attr__( 'Away', 'sportspress' ) . '</th>';
}
if ( in_array( $time_format, array( 'separate', 'time' ) ) && sp_column_active( $usecolumns, 'time' ) ) {
echo '<th class="data-time">' . __( 'Time', 'sportspress' ) . '</th>';
echo '<th class="data-time">' . esc_attr__( 'Time', 'sportspress' ) . '</th>';
}
break;
default:
if ( sp_column_active( $usecolumns, 'event' ) ) {
if ( $title_format == 'teams' ) {
echo '<th class="data-teams">' . __( 'Teams', 'sportspress' ) . '</th>';
echo '<th class="data-teams">' . esc_attr__( 'Teams', 'sportspress' ) . '</th>';
} else {
echo '<th class="data-event">' . __( 'Event', 'sportspress' ) . '</th>';
echo '<th class="data-event">' . esc_attr__( 'Event', 'sportspress' ) . '</th>';
}
}
switch ( $time_format ) {
case 'separate':
if ( sp_column_active( $usecolumns, 'time' ) ) {
echo '<th class="data-time">' . __( 'Time', 'sportspress' ) . '</th>';
echo '<th class="data-time">' . esc_attr__( 'Time', 'sportspress' ) . '</th>';
}
if ( sp_column_active( $usecolumns, 'results' ) ) {
echo '<th class="data-results">' . __( 'Results', 'sportspress' ) . '</th>';
echo '<th class="data-results">' . esc_attr__( 'Results', 'sportspress' ) . '</th>';
}
break;
case 'time':
if ( sp_column_active( $usecolumns, 'time' ) ) {
echo '<th class="data-time">' . __( 'Time', 'sportspress' ) . '</th>';
echo '<th class="data-time">' . esc_attr__( 'Time', 'sportspress' ) . '</th>';
}
break;
case 'results':
if ( sp_column_active( $usecolumns, 'results' ) ) {
echo '<th class="data-results">' . __( 'Results', 'sportspress' ) . '</th>';
echo '<th class="data-results">' . esc_attr__( 'Results', 'sportspress' ) . '</th>';
}
break;
default:
if ( sp_column_active( $usecolumns, 'time' ) ) {
echo '<th class="data-time">' . __( 'Time/Results', 'sportspress' ) . '</th>';
echo '<th class="data-time">' . esc_attr__( 'Time/Results', 'sportspress' ) . '</th>';
}
}
}
if ( sp_column_active( $usecolumns, 'league' ) ) {
echo '<th class="data-league">' . __( 'League', 'sportspress' ) . '</th>';
echo '<th class="data-league">' . esc_attr__( 'League', 'sportspress' ) . '</th>';
}
if ( sp_column_active( $usecolumns, 'season' ) ) {
echo '<th class="data-season">' . __( 'Season', 'sportspress' ) . '</th>';
echo '<th class="data-season">' . esc_attr__( 'Season', 'sportspress' ) . '</th>';
}
if ( sp_column_active( $usecolumns, 'venue' ) ) {
echo '<th class="data-venue">' . __( 'Venue', 'sportspress' ) . '</th>';
echo '<th class="data-venue">' . esc_attr__( 'Venue', 'sportspress' ) . '</th>';
} else {
echo '<th style="display:none;" class="data-venue">' . __( 'Venue', 'sportspress' ) . '</th>';
echo '<th style="display:none;" class="data-venue">' . esc_attr__( 'Venue', 'sportspress' ) . '</th>';
}
if ( sp_column_active( $usecolumns, 'article' ) ) {
echo '<th class="data-article">' . __( 'Article', 'sportspress' ) . '</th>';
echo '<th class="data-article">' . esc_attr__( 'Article', 'sportspress' ) . '</th>';
}
if ( sp_column_active( $usecolumns, 'day' ) ) {
echo '<th class="data-day">' . __( 'Match Day', 'sportspress' ) . '</th>';
echo '<th class="data-day">' . esc_attr__( 'Match Day', 'sportspress' ) . '</th>';
}
do_action( 'sportspress_event_list_head_row', $usecolumns );
@@ -304,7 +304,7 @@ $identifier = uniqid( 'eventlist_' );
$teams_output .= '&mdash;';
endif;
echo '<tr class="sp-row sp-post' . ( $i % 2 == 0 ? ' alternate' : '' ) . ' sp-row-no-' . $i . '" itemscope itemtype="http://schema.org/SportsEvent">';
echo '<tr class="sp-row sp-post' . ( $i % 2 == 0 ? ' alternate' : '' ) . ' sp-row-no-' . esc_attr( $i ) . '" itemscope itemtype="http://schema.org/SportsEvent">';
$date_html = '<date>' . get_post_time( 'Y-m-d H:i:s', false, $event ) . '</date>' . apply_filters( 'sportspress_event_date', get_post_time( get_option( 'date_format' ), false, $event, true ), $event->ID );
@@ -312,7 +312,7 @@ $identifier = uniqid( 'eventlist_' );
$date_html = '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">' . $date_html . '</a>';
}
echo '<td class="data-date" itemprop="startDate" content="' . mysql2date( 'Y-m-d\TH:iP', $event->post_date ) . '" data-label="' . __( 'Date', 'sportspress' ) . '">' . $date_html . '</td>';
echo '<td class="data-date" itemprop="startDate" content="' . esc_attr( mysql2date( 'Y-m-d\TH:iP', $event->post_date ) ) . '" data-label="' . esc_attr__( 'Date', 'sportspress' ) . '">' . wp_kses_post( $date_html ) . '</td>';
// Check if the reverse_teams option is selected and alter the teams order
if ( $reverse_teams ) {
@@ -323,30 +323,30 @@ $identifier = uniqid( 'eventlist_' );
case 'homeaway':
if ( sp_column_active( $usecolumns, 'event' ) ) {
$team = array_shift( $teams_array );
echo '<td class="data-home' . $team_class . '" itemprop="competitor" itemscope itemtype="http://schema.org/SportsTeam" data-label="' . __( 'Home', 'sportspress' ) . '">' . $team . '</td>';
echo '<td class="data-home' . esc_attr( $team_class ) . '" itemprop="competitor" itemscope itemtype="http://schema.org/SportsTeam" data-label="' . esc_attr__( 'Home', 'sportspress' ) . '">' . wp_kses_post( $team ) . '</td>';
}
if ( 'combined' == $time_format && sp_column_active( $usecolumns, 'time' ) ) {
echo '<td class="data-time ' . $status . '" data-label="' . __( 'Time/Results', 'sportspress' ) . '">';
echo '<td class="data-time ' . esc_attr( $status ) . '" data-label="' . esc_attr__( 'Time/Results', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
if ( ! empty( $main_results ) ) :
echo implode( ' - ', $main_results );
echo wp_kses_post( implode( ' - ', $main_results ) );
else :
echo '<date>&nbsp;' . get_post_time( 'H:i:s', false, $event ) . '</date>' . apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID );
echo '<date>&nbsp;' . wp_kses_post( get_post_time( 'H:i:s', false, $event ) ) . '</date>' . wp_kses_post( apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID ) );
endif;
if ( $link_events ) {
echo '</a>';
}
echo '</td>';
} elseif ( in_array( $time_format, array( 'separate', 'results' ) ) && sp_column_active( $usecolumns, 'results' ) ) {
echo '<td class="data-results" data-label="' . __( 'Results', 'sportspress' ) . '">';
echo '<td class="data-results" data-label="' . esc_attr__( 'Results', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
if ( ! empty( $main_results ) ) :
echo implode( ' - ', $main_results );
echo wp_kses_post( implode( ' - ', $main_results ) );
else :
echo '-';
endif;
@@ -358,15 +358,15 @@ $identifier = uniqid( 'eventlist_' );
if ( sp_column_active( $usecolumns, 'event' ) ) {
$team = array_shift( $teams_array );
echo '<td class="data-away' . $team_class . '" itemprop="competitor" itemscope itemtype="http://schema.org/SportsTeam" data-label="' . __( 'Away', 'sportspress' ) . '">' . $team . '</td>';
echo '<td class="data-away' . esc_attr( $team_class ) . '" itemprop="competitor" itemscope itemtype="http://schema.org/SportsTeam" data-label="' . esc_attr__( 'Away', 'sportspress' ) . '">' . wp_kses_post( $team ) . '</td>';
}
if ( in_array( $time_format, array( 'separate', 'time' ) ) && sp_column_active( $usecolumns, 'time' ) ) {
echo '<td class="data-time ' . $status . '" data-label="' . __( 'Time', 'sportspress' ) . '">';
echo '<td class="data-time ' . esc_attr( $status ) . '" data-label="' . esc_attr__( 'Time', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
echo '<date>&nbsp;' . get_post_time( 'H:i:s', false, $event ) . '</date>' . apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID );
echo '<date>&nbsp;' . wp_kses_post( get_post_time( 'H:i:s', false, $event ) ) . '</date>' . wp_kses_post( apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID ) );
if ( $link_events ) {
echo '</a>';
}
@@ -376,36 +376,36 @@ $identifier = uniqid( 'eventlist_' );
default:
if ( sp_column_active( $usecolumns, 'event' ) ) {
if ( $title_format == 'teams' ) {
echo '<td class="data-event data-teams" data-label="' . __( 'Teams', 'sportspress' ) . '">' . $teams_output . '</td>';
echo '<td class="data-event data-teams" data-label="' . esc_attr__( 'Teams', 'sportspress' ) . '">' . wp_kses_post( $teams_output ) . '</td>';
} else {
$title_html = implode( ' ', $team_logos ) . ' ' . $event->post_title;
if ( $link_events ) {
$title_html = '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url name">' . $title_html . '</a>';
}
echo '<td class="data-event" data-label="' . __( 'Event', 'sportspress' ) . '">' . $title_html . '</td>';
echo '<td class="data-event" data-label="' . esc_attr__( 'Event', 'sportspress' ) . '">' . wp_kses_post( $title_html ) . '</td>';
}
}
switch ( $time_format ) {
case 'separate':
if ( sp_column_active( $usecolumns, 'time' ) ) {
echo '<td class="data-time ' . $status . '" data-label="' . __( 'Time', 'sportspress' ) . '">';
echo '<td class="data-time ' . esc_attr( $status ) . '" data-label="' . esc_attr__( 'Time', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
echo '<date>&nbsp;' . get_post_time( 'H:i:s', false, $event ) . '</date>' . apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID );
echo '<date>&nbsp;' . wp_kses_post( get_post_time( 'H:i:s', false, $event ) ) . '</date>' . wp_kses_post( apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID ) );
if ( $link_events ) {
echo '</a>';
}
echo '</td>';
}
if ( sp_column_active( $usecolumns, 'results' ) ) {
echo '<td class="data-results" data-label="' . __( 'Results', 'sportspress' ) . '">';
echo '<td class="data-results" data-label="' . esc_attr__( 'Results', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
if ( ! empty( $main_results ) ) :
echo implode( ' - ', $main_results );
echo wp_kses_post( implode( ' - ', $main_results ) );
else :
echo '-';
endif;
@@ -417,11 +417,11 @@ $identifier = uniqid( 'eventlist_' );
break;
case 'time':
if ( sp_column_active( $usecolumns, 'time' ) ) {
echo '<td class="data-time ' . $status . '" data-label="' . __( 'Time', 'sportspress' ) . '">';
echo '<td class="data-time ' . esc_attr( $status ) . '" data-label="' . esc_attr__( 'Time', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
echo '<date>&nbsp;' . get_post_time( 'H:i:s', false, $event ) . '</date>' . apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID );
echo '<date>&nbsp;' . wp_kses_post( get_post_time( 'H:i:s', false, $event ) ) . '</date>' . wp_kses_post( apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID ) );
if ( $link_events ) {
echo '</a>';
}
@@ -430,12 +430,12 @@ $identifier = uniqid( 'eventlist_' );
break;
case 'results':
if ( sp_column_active( $usecolumns, 'results' ) ) {
echo '<td class="data-results" data-label="' . __( 'Results', 'sportspress' ) . '">';
echo '<td class="data-results" data-label="' . esc_attr__( 'Results', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
if ( ! empty( $main_results ) ) :
echo implode( ' - ', $main_results );
echo wp_kses_post( implode( ' - ', $main_results ) );
else :
echo '-';
endif;
@@ -447,14 +447,14 @@ $identifier = uniqid( 'eventlist_' );
break;
default:
if ( sp_column_active( $usecolumns, 'time' ) ) {
echo '<td class="data-time ' . $status . '" data-label="' . __( 'Time/Results', 'sportspress' ) . '">';
echo '<td class="data-time ' . esc_attr( $status ) . '" data-label="' . esc_attr__( 'Time/Results', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
if ( ! empty( $main_results ) ) :
echo implode( ' - ', $main_results );
echo wp_kses_post( implode( ' - ', $main_results ) );
else :
echo '<date>&nbsp;' . get_post_time( 'H:i:s', false, $event ) . '</date>' . apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID );
echo '<date>&nbsp;' . wp_kses_post( get_post_time( 'H:i:s', false, $event ) ) . '</date>' . wp_kses_post( apply_filters( 'sportspress_event_time', sp_get_time( $event ), $event->ID ) );
endif;
if ( $link_events ) {
echo '</a>';
@@ -465,48 +465,48 @@ $identifier = uniqid( 'eventlist_' );
}
if ( sp_column_active( $usecolumns, 'league' ) ) :
echo '<td class="data-league" data-label="' . __( 'League', 'sportspress' ) . '">';
echo '<td class="data-league" data-label="' . esc_attr__( 'League', 'sportspress' ) . '">';
$leagues = get_the_terms( $event->ID, 'sp_league' );
if ( $leagues ) :
echo implode( ', ', wp_list_pluck( $leagues, 'name' ) );
echo wp_kses_post( implode( ', ', wp_list_pluck( $leagues, 'name' ) ) );
endif;
echo '</td>';
endif;
if ( sp_column_active( $usecolumns, 'season' ) ) :
echo '<td class="data-season" data-label="' . __( 'Season', 'sportspress' ) . '">';
echo '<td class="data-season" data-label="' . esc_attr__( 'Season', 'sportspress' ) . '">';
$seasons = get_the_terms( $event->ID, 'sp_season' );
if ( $seasons ) :
echo implode( ', ', wp_list_pluck( $seasons, 'name' ) );
echo wp_kses_post( implode( ', ', wp_list_pluck( $seasons, 'name' ) ) );
endif;
echo '</td>';
endif;
if ( sp_column_active( $usecolumns, 'venue' ) ) :
echo '<td class="data-venue" data-label="' . __( 'Venue', 'sportspress' ) . '" itemprop="location" itemscope itemtype="http://schema.org/Place">';
echo '<td class="data-venue" data-label="' . esc_attr__( 'Venue', 'sportspress' ) . '" itemprop="location" itemscope itemtype="http://schema.org/Place">';
echo '<div itemprop="address" itemscope itemtype="http://schema.org/PostalAddress">';
if ( $link_venues ) :
the_terms( $event->ID, 'sp_venue' );
else :
$venues = get_the_terms( $event->ID, 'sp_venue' );
if ( $venues ) :
echo implode( ', ', wp_list_pluck( $venues, 'name' ) );
echo wp_kses_post( implode( ', ', wp_list_pluck( $venues, 'name' ) ) );
endif;
endif;
echo '</div>';
echo '</td>';
else :
echo '<td style="display:none;" class="data-venue" data-label="' . __( 'Venue', 'sportspress' ) . '" itemprop="location" itemscope itemtype="http://schema.org/Place">';
echo '<td style="display:none;" class="data-venue" data-label="' . esc_attr__( 'Venue', 'sportspress' ) . '" itemprop="location" itemscope itemtype="http://schema.org/Place">';
echo '<div itemprop="address" itemscope itemtype="http://schema.org/PostalAddress">';
_e( 'N/A', 'sportspress' );
esc_attr_e( 'N/A', 'sportspress' );
echo '</div>';
echo '</td>';
endif;
if ( sp_column_active( $usecolumns, 'article' ) ) :
echo '<td class="data-article" data-label="' . __( 'Article', 'sportspress' ) . '">';
echo '<td class="data-article" data-label="' . esc_attr__( 'Article', 'sportspress' ) . '">';
if ( $link_events ) {
echo '<a href="' . get_post_permalink( $event->ID, false, true ) . '" itemprop="url">';
echo '<a href="' . esc_url( get_post_permalink( $event->ID, false, true ) ) . '" itemprop="url">';
}
if ( $video ) :
@@ -516,9 +516,9 @@ $identifier = uniqid( 'eventlist_' );
endif;
if ( $event->post_content !== null ) :
if ( $event->post_status == 'publish' ) :
_e( 'Recap', 'sportspress' );
esc_attr_e( 'Recap', 'sportspress' );
else :
_e( 'Preview', 'sportspress' );
esc_attr_e( 'Preview', 'sportspress' );
endif;
endif;
@@ -529,12 +529,12 @@ $identifier = uniqid( 'eventlist_' );
endif;
if ( sp_column_active( $usecolumns, 'day' ) ) :
echo '<td class="data-day" data-label="' . __( 'Match Day', 'sportspress' ) . '">';
echo '<td class="data-day" data-label="' . esc_attr__( 'Match Day', 'sportspress' ) . '">';
$day = get_post_meta( $event->ID, 'sp_day', true );
if ( '' == $day ) {
echo '-';
} else {
echo $day;
echo wp_kses_post( $day );
}
echo '</td>';
endif;
@@ -555,7 +555,7 @@ $identifier = uniqid( 'eventlist_' );
// sportspress_responsive_tables_css( $identifier );
}
if ( $id && $show_all_events_link ) {
echo '<div class="sp-calendar-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . __( 'View all events', 'sportspress' ) . '</a></div>';
echo '<div class="sp-calendar-link sp-view-all-link"><a href="' . esc_url( get_permalink( $id ) ) . '">' . esc_attr__( 'View all events', 'sportspress' ) . '</a></div>';
}
?>
</div>


@@ -39,20 +39,20 @@
$logo = '<span class="team-logo logo-' . ( $j % 2 ? 'odd' : 'even' ) . '" title="' . get_the_title( $team ) . '">' . $logo . '</span>';
endif;
echo $logo;
echo wp_kses_post( $logo );
endforeach;
?>
<time class="sp-event-date" datetime="<?php echo get_the_time( 'Y-m-d H:i:s', $id ); ?>">
<?php echo get_the_time( get_option( 'date_format' ), $id ); ?>
<time class="sp-event-date" datetime="<?php echo esc_attr( get_the_time( 'Y-m-d H:i:s', $id ) ); ?>">
<?php echo wp_kses_post( get_the_time( get_option( 'date_format' ), $id ) ); ?>
</time>
<?php
$status = __( 'Preview', 'sportspress' );
$status = esc_attr__( 'Preview', 'sportspress' );
if ( $show_time ) {
?>
<h5 class="sp-event-results">
<?php echo '<span class="sp-result">' . apply_filters( 'sportspress_event_time', sp_get_time( $id ), $id ) . '</span>'; ?>
<?php echo '<span class="sp-result">' . wp_kses_post( apply_filters( 'sportspress_event_time', sp_get_time( $id ), $id ) ) . '</span>'; ?>
</h5>
<?php
}
@@ -60,14 +60,14 @@
if ( $show_results && ! empty( $results ) ) {
?>
<h5 class="sp-event-results">
<?php echo '<span class="sp-result">' . implode( '</span> - <span class="sp-result">', apply_filters( 'sportspress_event_blocks_team_result_or_time', $results, $id ) ) . '</span>'; ?>
<?php echo '<span class="sp-result">' . wp_kses_post( implode( '</span> - <span class="sp-result">', apply_filters( 'sportspress_event_blocks_team_result_or_time', $results, $id ) ) ) . '</span>'; ?>
</h5>
<?php
$status = __( 'Full Time', 'sportspress' );
$status = esc_attr__( 'Full Time', 'sportspress' );
}
?>
<span class="sp-event-status">
<?php echo apply_filters( 'sportspress_event_logos_status', $status, $id ); ?>
<?php echo wp_kses_post( apply_filters( 'sportspress_event_logos_status', $status, $id ) ); ?>
</span>
</td>
</tr>
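Review bot: The `title` attribute of the `$logo` span is still built from raw `get_the_title( $team )`. The only protection is the later `wp_kses_post( $logo )`, which filters tags and attribute names but does not attribute-encode the value. A team title containing a double quote would end the attribute early and truncate or garble the markup. Escape at the point of concatenation, `title="' . esc_attr( get_the_title( $team ) ) . '"`, as this commit already does for the team-logo link in another template. The enclosing loop starts outside the hunk.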


@@ -51,7 +51,7 @@ foreach ( $teams as $team ) :
endforeach;
$team_logos = array_filter( $team_logos );
if ( ! empty( $team_logos ) ) :
echo '<div class="sp-template sp-template-event-logos sp-template-event-logos-inline"><div class="sp-event-logos sp-event-logos-' . sizeof( $teams ) . '">';
echo '<div class="sp-template sp-template-event-logos sp-template-event-logos-inline"><div class="sp-event-logos sp-event-logos-' . esc_attr( sizeof( $teams ) ) . '">';
// Assign delimiter
if ( $show_time && sizeof( $teams ) <= 2 ) {
@@ -60,6 +60,6 @@ if ( ! empty( $team_logos ) ) :
$delimiter = get_option( 'sportspress_event_teams_delimiter', 'vs' );
}
echo implode( ' ' . $delimiter . ' ', $team_logos );
echo wp_kses_post( implode( ' ' . $delimiter . ' ', $team_logos ) );
echo '</div></div>';
endif;


@@ -14,7 +14,7 @@ if ( ! defined( 'ABSPATH' ) ) {
$scrollable = get_option( 'sportspress_enable_scrollable_tables', 'yes' ) == 'yes' ? true : false;
?>
<div class="sp-template sp-template-event-officials sp-template-details">
<h4 class="sp-table-caption"><?php _e( 'Officials', 'sportspress' ); ?></h4>
<h4 class="sp-table-caption"><?php esc_attr_e( 'Officials', 'sportspress' ); ?></h4>
<div class="sp-list-wrapper">
<dl class="sp-event-officials">
<?php
@@ -24,13 +24,13 @@ $scrollable = get_option( 'sportspress_enable_scrollable_tables', 'yes' ) == 'ye
continue;
}
echo '<dt>' . $label . '</dt>';
echo '<dt>' . wp_kses_post( $label ) . '</dt>';
foreach ( $appointed_officials as $official_id => $official_name ) {
if ( $link_officials && sp_post_exists( $official_id ) ) {
$official_name = '<a href="' . get_post_permalink( $official_id ) . '">' . $official_name . '</a>';
}
echo '<dd>' . $official_name . '</dd>';
echo '<dd>' . wp_kses_post( $official_name ) . '</dd>';
}
}
?>
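Review bot: The official's link is assembled from an unescaped `get_post_permalink( $official_id )` and an unescaped `$official_name`, and only the finished string is passed to `wp_kses_post()`. That lets a plain-text name carry any markup the post allowlist permits. Escaping each piece where it is concatenated is tighter: `'<a href="' . esc_url( get_post_permalink( $official_id ) ) . '">' . esc_html( $official_name ) . '</a>'`, with `esc_html( $official_name )` for the unlinked case. The same construction appears in the officials table template and in the event staff template (`$name = '<a href="' . $permalink . '">' . $name . '</a>'`). The loop over the officials begins outside the hunk.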


@@ -14,14 +14,14 @@ if ( ! defined( 'ABSPATH' ) ) {
$scrollable = get_option( 'sportspress_enable_scrollable_tables', 'yes' ) == 'yes' ? true : false;
?>
<div class="sp-template sp-template-event-officials">
<h4 class="sp-table-caption"><?php _e( 'Officials', 'sportspress' ); ?></h4>
<h4 class="sp-table-caption"><?php esc_attr_e( 'Officials', 'sportspress' ); ?></h4>
<div class="sp-table-wrapper">
<table class="sp-event-officials sp-data-table<?php echo $scrollable ? ' sp-scrollable-table' : ''; ?>">
<thead>
<tr>
<?php
foreach ( $labels as $label ) {
echo '<th class="data-name">' . $label . '</th>';
echo '<th class="data-name">' . wp_kses_post( $label ) . '</th>';
}
?>
</tr>
@@ -35,7 +35,7 @@ $scrollable = get_option( 'sportspress_enable_scrollable_tables', 'yes' ) == 'ye
$appointed_officials[ $official_id ] = '<a href="' . get_post_permalink( $official_id ) . '">' . $official_name . '</a>';
}
}
echo '<td class="data-name">' . implode( '<br>', $appointed_officials ) . '</td>';
echo '<td class="data-name">' . wp_kses_post( implode( '<br>', $appointed_officials ) ) . '</td>';
}
?>
</tr>
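Review bot: `esc_attr_e( 'Officials', 'sportspress' )` prints element text inside `<h4>`, not an attribute value, so `esc_html_e()` is the helper that states the intent. The same applies to every `esc_attr__()` / `esc_attr_e()` in this commit whose result lands between tags, for example the `Team`, `Pos`, `Rank` and `Total` cells and the `View all …` link texts. Both helpers encode the same characters, so this is a point of style rather than a hole. Suggested line: `<h4 class="sp-table-caption"><?php esc_html_e( 'Officials', 'sportspress' ); ?></h4>`.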


@@ -42,14 +42,14 @@ if ( true == $responsive && $mode == 'values' ) {
}
$i = 0;
?>
<div class="sp-template sp-template-event-performance sp-template-event-performance-<?php echo $mode; ?>
<div class="sp-template sp-template-event-performance sp-template-event-performance-<?php echo esc_attr( $mode ); ?>
<?php
if ( isset( $class ) ) {
echo ' ' . $class; }
echo ' ' . esc_attr( $class ); }
?>
">
<?php if ( $caption ) : ?>
<h4 class="sp-table-caption"><?php echo $caption; ?></h4>
<h4 class="sp-table-caption"><?php echo wp_kses_post( $caption ); ?></h4>
<?php endif; ?>
<div class="sp-table-wrapper">
<table class="sp-event-performance sp-data-table
@@ -63,7 +63,7 @@ $i = 0;
sp-scrollable-table
<?php
}if ( $responsive ) {
echo ' sp-responsive-table ' . $identifier; } if ( $sortable ) {
echo ' sp-responsive-table ' . esc_attr( $identifier ); } if ( $sortable ) {
?>
sp-sortable-table<?php } ?><?php } ?>">
<thead>
@@ -75,14 +75,14 @@ $i = 0;
<?php } ?>
<th class="data-name">
<?php if ( isset( $section_label ) ) { ?>
<?php echo $section_label; ?>
<?php echo wp_kses_post( $section_label ); ?>
<?php } else { ?>
<?php _e( 'Player', 'sportspress' ); ?>
<?php esc_attr_e( 'Player', 'sportspress' ); ?>
<?php } ?>
</th>
<?php endif; ?>
<?php foreach ( $labels as $key => $label ) : ?>
<th class="data-<?php echo $key; ?>"><?php echo $label; ?></th>
<th class="data-<?php echo esc_attr( $key ); ?>"><?php echo wp_kses_post( $label ); ?></th>
<?php endforeach; ?>
<?php endif; ?>
</tr>
@@ -119,18 +119,18 @@ $i = 0;
continue;
}
echo '<tr class="' . sp_array_value( $row, 'status', 'lineup' ) . ' ' . ( $i % 2 == 0 ? 'odd' : 'even' ) . '">';
echo '<tr class="' . esc_attr( sp_array_value( $row, 'status', 'lineup' ) ) . ' ' . ( $i % 2 == 0 ? 'odd' : 'even' ) . '">';
if ( apply_filters( 'sportspress_event_performance_show_numbers', $show_numbers, $section ) ) {
$number = sp_array_value( $row, 'number', '&nbsp;' );
// Player number
echo '<td class="data-number" data-label="#">' . $number . '</td>';
echo '<td class="data-number" data-label="#">' . wp_kses_post( $number ) . '</td>';
}
if ( $link_posts ) :
$permalink = get_post_permalink( $player_id );
$name = '<a href="' . $permalink . '">' . $name . '</a>';
$name = '<a href="' . esc_url( $permalink ) . '">' . wp_kses_post( $name ) . '</a>';
endif;
if ( $stars_type ) :
@@ -138,13 +138,13 @@ $i = 0;
if ( $player_stars ) :
switch ( $stars_type ) :
case 1:
$name .= ' <span class="sp-event-stars"><i class="sp-event-star dashicons dashicons-star-filled" title="' . __( 'Player of the Match', 'sportspress' ) . '"></i></span>';
$name .= ' <span class="sp-event-stars"><i class="sp-event-star dashicons dashicons-star-filled" title="' . esc_attr__( 'Player of the Match', 'sportspress' ) . '"></i></span>';
break;
case 2:
$name .= ' <span class="sp-event-stars">' . str_repeat( '<i class="sp-event-star dashicons dashicons-star-filled" title="' . __( 'Stars', 'sportspress' ) . '"></i>', $player_stars ) . '</span>';
$name .= ' <span class="sp-event-stars">' . str_repeat( '<i class="sp-event-star dashicons dashicons-star-filled" title="' . esc_attr__( 'Stars', 'sportspress' ) . '"></i>', $player_stars ) . '</span>';
break;
case 3:
$name .= ' <span class="sp-event-stars"><i class="sp-event-star sp-event-star-' . $player_stars . ' dashicons dashicons-star-filled" title="' . __( 'Stars', 'sportspress' ) . '"></i><span class="sp-event-star-number">' . $player_stars . '</span></span>';
$name .= ' <span class="sp-event-stars"><i class="sp-event-star sp-event-star-' . $player_stars . ' dashicons dashicons-star-filled" title="' . esc_attr__( 'Stars', 'sportspress' ) . '"></i><span class="sp-event-star-number">' . $player_stars . '</span></span>';
break;
endswitch;
endif;
@@ -230,12 +230,12 @@ $i = 0;
$name .= ' <small class="sp-player-position">' . $position . '</small>';
endif;
echo '<td class="data-name" data-label="' . ( isset( $section_label ) ? $section_label : __( 'Player', 'sportspress' ) ) . '">' . $name . '</td>';
echo '<td class="data-name" data-label="' . ( isset( $section_label ) ? esc_attr( $section_label ) : esc_attr__( 'Player', 'sportspress' ) ) . '">' . wp_kses_post( $name ) . '</td>';
if ( $mode == 'icons' ) :
echo '<td class="sp-performance-icons">' . $content . '</td>';
echo '<td class="sp-performance-icons">' . wp_kses_post( $content ) . '</td>';
else :
echo $content;
echo wp_kses_post( $content );
endif;
echo '</tr>';
@@ -269,7 +269,7 @@ $i = 0;
echo '<td class="data-number" data-label="&nbsp;">&nbsp;</td>';
}
if ( $mode == 'values' ) :
echo '<td class="data-name" data-label="&nbsp;">' . __( 'Total', 'sportspress' ) . '</td>';
echo '<td class="data-name" data-label="&nbsp;">' . esc_attr__( 'Total', 'sportspress' ) . '</td>';
endif;
endif;
@@ -298,9 +298,9 @@ $i = 0;
if ( $mode == 'values' ) :
if ( $key == 'position' ) {
echo '<td class="data-' . $key . '" data-label="&nbsp;">' . $value . '</td>';
echo '<td class="data-' . esc_attr( $key ) . '" data-label="&nbsp;">' . wp_kses_post( $value ) . '</td>';
} else {
echo '<td class="data-' . $key . '" data-label="' . $labels[ $key ] . '">' . $value . '</td>';
echo '<td class="data-' . esc_attr( $key ) . '" data-label="' . esc_attr( $labels[ $key ] ) . '">' . wp_kses_post( $value ) . '</td>';
}
elseif ( intval( $value ) && $mode == 'icons' ) :
$performance_id = sp_array_value( $performance_ids, $key, null );
@@ -308,7 +308,7 @@ $i = 0;
if ( $performance_id && has_post_thumbnail( $performance_id ) ) :
$icons = get_the_post_thumbnail( $performance_id, 'sportspress-fit-mini', array( 'title' => sp_get_singular_name( $performance_id ) ) );
endif;
echo apply_filters( 'sportspress_event_performance_icons', $icons, $performance_id, 1 ) . $value . ' ';
echo wp_kses_post( apply_filters( 'sportspress_event_performance_icons', $icons, $performance_id, 1 ) . $value . ' ' );
endif;
endforeach;
@@ -323,13 +323,13 @@ $i = 0;
</table>
<?php
if ( isset( $show_staff ) ) {
echo sp_get_template(
echo wp_kses_post( sp_get_template(
'event-staff.php',
array(
'id' => $id,
'index' => $index,
)
);
) );
}
?>
</div>
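Review bot: Wrapping `sp_get_template( 'event-staff.php', … )` in `echo wp_kses_post( … )` only filters a return value. Elsewhere on this page `sp_get_template()` is called as a bare statement (`sp_get_template( 'staff-photo.php', … )`), which suggests it prints the template itself and returns nothing. If so, this line sanitises an empty value, and the wrapper gives a false impression that the staff markup is filtered here. I would restore the plain call with a short comment such as `// Output is escaped inside event-staff.php.` and rely on the escaping added in that template. The surrounding template code begins outside the hunks.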


@@ -51,7 +51,7 @@ if ( is_array( $teams ) ) :
// Add position to labels if selected
if ( $show_position ) {
$labels = array_merge( array( 'position' => __( 'Position', 'sportspress' ) ), $labels );
$labels = array_merge( array( 'position' => esc_attr__( 'Position', 'sportspress' ) ), $labels );
}
// Remove the first row to leave us with the actual data
@@ -129,7 +129,7 @@ if ( is_array( $teams ) ) :
'show_numbers' => $show_numbers,
'show_minutes' => $show_minutes,
'show_total' => $show_total,
'caption' => __( 'Box Score', 'sportspress' ),
'caption' => esc_attr__( 'Box Score', 'sportspress' ),
'labels' => $labels,
'formats' => $formats,
'mode' => $mode,
@@ -148,11 +148,11 @@ if ( is_array( $teams ) ) :
// Determine order of sections
if ( 1 == $sections ) {
$section_order = array(
1 => __( 'Defense', 'sportspress' ),
0 => __( 'Offense', 'sportspress' ),
1 => esc_attr__( 'Defense', 'sportspress' ),
0 => esc_attr__( 'Offense', 'sportspress' ),
);
} else {
$section_order = array( __( 'Offense', 'sportspress' ), __( 'Defense', 'sportspress' ) );
$section_order = array( esc_attr__( 'Offense', 'sportspress' ), esc_attr__( 'Defense', 'sportspress' ) );
}
// Initialize labels
@@ -161,7 +161,7 @@ if ( is_array( $teams ) ) :
// Add positions if applicable
if ( $show_position ) {
$labels[0]['position'] = $labels[1]['position'] = __( 'Position', 'sportspress' );
$labels[0]['position'] = $labels[1]['position'] = esc_attr__( 'Position', 'sportspress' );
}
// Get labels by section
@@ -325,7 +325,7 @@ if ( is_array( $teams ) ) :
if ( ! empty( $content ) ) :
?>
<div class="sp-event-performance-tables sp-event-performance-teams">
<?php echo $content; ?>
<?php echo wp_kses_post( $content ); ?>
</div><!-- .sp-event-performance-tables -->
<?php
endif;
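Review bot: The translated strings are escaped with `esc_attr__()` when they are stored (`$labels`, `$section_order`, the `caption` argument) rather than where they are printed, and the performance table template in this commit escapes them again on output. Early escaping means every filter or comparison between here and the echo sees entity-encoded text. The detail templates in this commit do the same with array keys such as `$data[ esc_attr__( 'Nationality', 'sportspress' ) ]`, and the staff one passes `$data` through `apply_filters( 'sportspress_staff_details', $data, $id )`. A callback that looks up the `__()` key could then miss it in a locale whose translation contains a quote or ampersand. Keeping `__()` at storage and escaping only at the echo avoids both problems.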


@@ -26,7 +26,7 @@ if ( 'results' != $status ) {
}
if ( ! isset( $caption ) ) {
$caption = __( 'Results', 'sportspress' );
$caption = esc_attr__( 'Results', 'sportspress' );
}
// Get event result data
@@ -118,7 +118,7 @@ else :
$output .= '<div class="sp-table-wrapper">' .
'<table class="sp-event-results sp-data-table' . ( $scrollable ? ' sp-scrollable-table' : '' ) . '"><thead>' .
'<th class="data-name">' . __( 'Team', 'sportspress' ) . '</th>';
'<th class="data-name">' . esc_attr__( 'Team', 'sportspress' ) . '</th>';
foreach ( $labels as $key => $label ) :
$output .= '<th class="data-' . $key . '">' . $label . '</th>';
endforeach;
@@ -129,5 +129,5 @@ else :
endif;
?>
<div class="sp-template sp-template-event-results">
<?php echo $output; ?>
<?php echo wp_kses_post( $output ); ?>
</div>


@@ -45,9 +45,9 @@ extract( $defaults, EXTR_SKIP );
$roles = $staff->roles();
if ( ! empty( $roles ) ) :
$roles = wp_list_pluck( $roles, 'name' );
echo implode( '<span class="sp-staff-role-delimiter">/</span>', $roles );
echo wp_kses_post( implode( '<span class="sp-staff-role-delimiter">/</span>', $roles ) );
else :
_e( 'Staff', 'sportspress' );
esc_attr_e( 'Staff', 'sportspress' );
endif;
echo ': ';
@@ -57,7 +57,7 @@ extract( $defaults, EXTR_SKIP );
$name = '<a href="' . $permalink . '">' . $name . '</a>';
endif;
echo $name . '<br>';
echo wp_kses_post( $name ) . '<br>';
endforeach;
?>


@@ -40,11 +40,11 @@ foreach ( $venues as $venue ) :
$address = urlencode( $address );
?>
<div class="sp-template sp-template-event-venue">
<h4 class="sp-table-caption"><?php _e( 'Venue', 'sportspress' ); ?></h4>
<h4 class="sp-table-caption"><?php esc_attr_e( 'Venue', 'sportspress' ); ?></h4>
<table class="sp-data-table sp-event-venue">
<thead>
<tr>
<th><?php echo $name; ?></th>
<th><?php echo wp_kses_post( $name ); ?></th>
</tr>
</thead>
<?php if ( $show_maps ) : ?>
@@ -54,7 +54,7 @@ foreach ( $venues as $venue ) :
</tr>
<?php if ( $address != null ) { ?>
<tr class="sp-event-venue-address-row">
<td><?php echo urldecode( $address ); ?></td>
<td><?php echo wp_kses_post( urldecode( $address ) ); ?></td>
</tr>
<?php } ?>
</tbody>
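Review bot: `$name` and the decoded `$address` look like plain-text fields (where they are set is outside the hunk), yet both are printed through `wp_kses_post()`, which deliberately lets links, images and other post markup through. For values never meant to contain HTML, `esc_html()` is the tighter filter: `<th><?php echo esc_html( $name ); ?></th>` and `<td><?php echo esc_html( urldecode( $address ) ); ?></td>`. The same choice recurs for titles, captions and term names in the other templates of this commit. The `foreach ( $venues as $venue )` loop starts outside the hunk.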


@@ -15,14 +15,14 @@ if ( ! isset( $id ) ) {
$id = get_the_ID();
}
$video_url = get_post_meta( $id, 'sp_video', true );
$video_url = esc_url( get_post_meta( $id, 'sp_video', true ) );
if ( $video_url ) :
?>
<div class="sp-template sp-template-event-video sp-event-video">
<h4 class="sp-table-caption"><?php _e( 'Video', 'sportspress' ); ?></h4>
<h4 class="sp-table-caption"><?php esc_attr_e( 'Video', 'sportspress' ); ?></h4>
<?php
global $wp_embed;
echo $wp_embed->autoembed( $video_url );
echo $wp_embed->autoembed( $video_url ); // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped
?>
</div>
<?php
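Review bot: The `phpcs:ignore` on the `autoembed()` line carries no justification, and the safety of that echo now depends on the `esc_url()` applied to the meta value a few lines earlier. A short comment keeps the two lines tied together for the next editor, e.g. `// Output is oEmbed HTML, or the URL already passed through esc_url() above.` Separately, `esc_url()` is the display variant and entity-encodes `&`. If embeds for URLs with several query parameters stop resolving, passing `esc_url_raw()` to the lookup and keeping `esc_url()` for a fallback echo would be the thing to check.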


@@ -94,7 +94,7 @@ if ( null !== $columns && ! is_array( $columns ) ) {
$columns = explode( ',', $columns );
}
$output .= '<th class="data-rank">' . __( 'Pos', 'sportspress' ) . '</th>';
$output .= '<th class="data-rank">' . esc_attr__( 'Pos', 'sportspress' ) . '</th>';
foreach ( $labels as $key => $label ) :
if ( ! is_array( $columns ) || $key == 'name' || in_array( $key, $columns ) ) {
@@ -205,9 +205,9 @@ $output .= '</tbody>' . '</table>';
$output .= '</div>';
if ( $show_full_table_link ) {
$output .= '<div class="sp-league-table-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . __( 'View full table', 'sportspress' ) . '</a></div>';
$output .= '<div class="sp-league-table-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . esc_attr__( 'View full table', 'sportspress' ) . '</a></div>';
}
?>
<div class="sp-template sp-template-league-table">
<?php echo $output; ?>
<?php echo wp_kses_post( $output ); ?>
</div>
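Review bot: The `View full table` link still concatenates `get_permalink( $id )` without `esc_url()`, while the equivalent links in the event list and gallery templates of this commit were wrapped. The final `wp_kses_post( $output )` does filter the `href` protocol, so this is mainly an inconsistency. Escaping at the concatenation keeps the link correct if the output path ever changes: `'<a href="' . esc_url( get_permalink( $id ) ) . '">'`. The player list template's `View all players` line has the same gap.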


@@ -47,7 +47,7 @@ if ( $show_number ) :
endif;
if ( $show_name ) :
$common[ __( 'Name', 'sportspress' ) ] = $official->post->post_title;
$common[ esc_attr__( 'Name', 'sportspress' ) ] = $official->post->post_title;
endif;
if ( $show_nationality ) :
@@ -58,7 +58,7 @@ if ( $show_nationality ) :
$country_name = sp_array_value( $countries, $nationality, null );
$values[] = $country_name ? ( $show_nationality_flags ? sp_flags( $nationality ) : '' ) . $country_name : '&mdash;';
endforeach;
$common[ __( 'Nationality', 'sportspress' ) ] = implode( '<br>', $values );
$common[ esc_attr__( 'Nationality', 'sportspress' ) ] = implode( '<br>', $values );
endif;
endif;
@@ -69,7 +69,7 @@ if ( $show_positions ) :
foreach ( $positions as $position ) :
$position_names[] = $position->name;
endforeach;
$common[ __( 'Position', 'sportspress' ) ] = implode( ', ', $position_names );
$common[ esc_attr__( 'Position', 'sportspress' ) ] = implode( ', ', $position_names );
endif;
endif;
@@ -86,7 +86,7 @@ if ( $show_current_teams ) :
}
$teams[] = $team_name;
endforeach;
$data[ __( 'Current Team', 'sportspress' ) ] = implode( ', ', $teams );
$data[ esc_attr__( 'Current Team', 'sportspress' ) ] = implode( ', ', $teams );
endif;
endif;
@@ -101,7 +101,7 @@ if ( $show_past_teams ) :
}
$teams[] = $team_name;
endforeach;
$data[ __( 'Past Teams', 'sportspress' ) ] = implode( ', ', $teams );
$data[ esc_attr__( 'Past Teams', 'sportspress' ) ] = implode( ', ', $teams );
endif;
endif;
@@ -112,7 +112,7 @@ if ( $show_leagues ) :
foreach ( $leagues as $league ) {
$terms[] = $league->name;
}
$data[ __( 'Leagues', 'sportspress' ) ] = implode( ', ', $terms );
$data[ esc_attr__( 'Leagues', 'sportspress' ) ] = implode( ', ', $terms );
endif;
endif;
@@ -123,7 +123,7 @@ if ( $show_seasons ) :
foreach ( $seasons as $season ) {
$terms[] = $season->name;
}
$data[ __( 'Seasons', 'sportspress' ) ] = implode( ', ', $terms );
$data[ esc_attr__( 'Seasons', 'sportspress' ) ] = implode( ', ', $terms );
endif;
endif;
@@ -143,4 +143,4 @@ endforeach;
$output .= '</dl></div></div>';
echo $output;
echo wp_kses_post( $output );


@@ -47,7 +47,7 @@ if ( $show_number ) :
endif;
if ( $show_name ) :
$common[ __( 'Name', 'sportspress' ) ] = $player->post->post_title;
$common[ esc_attr__( 'Name', 'sportspress' ) ] = $player->post->post_title;
endif;
if ( $show_nationality ) :
@@ -58,7 +58,7 @@ if ( $show_nationality ) :
$country_name = sp_array_value( $countries, $nationality, null );
$values[] = $country_name ? ( $show_nationality_flags ? sp_flags( $nationality ) : '' ) . $country_name : '&mdash;';
endforeach;
$common[ __( 'Nationality', 'sportspress' ) ] = implode( '<br>', $values );
$common[ esc_attr__( 'Nationality', 'sportspress' ) ] = implode( '<br>', $values );
endif;
endif;
@@ -69,7 +69,7 @@ if ( $show_positions ) :
foreach ( $positions as $position ) :
$position_names[] = $position->name;
endforeach;
$common[ __( 'Position', 'sportspress' ) ] = implode( ', ', $position_names );
$common[ esc_attr__( 'Position', 'sportspress' ) ] = implode( ', ', $position_names );
endif;
endif;
@@ -86,7 +86,7 @@ if ( $show_current_teams ) :
}
$teams[] = $team_name;
endforeach;
$data[ __( 'Current Team', 'sportspress' ) ] = implode( ', ', $teams );
$data[ esc_attr__( 'Current Team', 'sportspress' ) ] = implode( ', ', $teams );
endif;
endif;
@@ -101,7 +101,7 @@ if ( $show_past_teams ) :
}
$teams[] = $team_name;
endforeach;
$data[ __( 'Past Teams', 'sportspress' ) ] = implode( ', ', $teams );
$data[ esc_attr__( 'Past Teams', 'sportspress' ) ] = implode( ', ', $teams );
endif;
endif;
@@ -112,7 +112,7 @@ if ( $show_leagues ) :
foreach ( $leagues as $league ) {
$terms[] = $league->name;
}
$data[ __( 'Leagues', 'sportspress' ) ] = implode( ', ', $terms );
$data[ esc_attr__( 'Leagues', 'sportspress' ) ] = implode( ', ', $terms );
endif;
endif;
@@ -123,7 +123,7 @@ if ( $show_seasons ) :
foreach ( $seasons as $season ) {
$terms[] = $season->name;
}
$data[ __( 'Seasons', 'sportspress' ) ] = implode( ', ', $terms );
$data[ esc_attr__( 'Seasons', 'sportspress' ) ] = implode( ', ', $terms );
endif;
endif;
@@ -143,4 +143,4 @@ endforeach;
$output .= '</dl></div></div>';
echo $output;
echo wp_kses_post( $output );


@@ -43,10 +43,10 @@ if ( has_post_thumbnail( $id ) ) {
$thumbnail = '<img width="150" height="150" src="//www.gravatar.com/avatar/?s=150&d=mm&f=y" class="attachment-thumbnail wp-post-image">';
}
echo "<{$itemtag} class='gallery-item'>";
echo "
echo wp_kses_post( "<{$itemtag} class='gallery-item'>" );
echo wp_kses_post( "
<{$icontag} class='gallery-icon portrait'>"
. '<a href="' . get_permalink( $id ) . '">' . $thumbnail . '</a>'
. "</{$icontag}>";
echo $caption;
echo "</{$itemtag}>";
. "</{$icontag}>" );
echo wp_kses_post( $caption );
echo wp_kses_post( "</{$itemtag}>" );
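Review bot: Passing the opening and closing `{$itemtag}` / `{$icontag}` fragments through `wp_kses_post()` separately does not validate the tag name. It silently drops a fragment whose tag is not on the post allowlist, which would leave the thumbnail and caption unwrapped. Where these variables are set is outside the hunk; if they can come from shortcode attributes, normalising them once with `tag_escape()`, as WordPress core's gallery shortcode does, is the usual pattern. The `href` inside the fragment would also be clearer as `esc_url( get_permalink( $id ) )`. The team gallery thumbnail template has the same code.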


@@ -86,7 +86,7 @@ else :
endif;
if ( $title ) {
echo '<h4 class="sp-table-caption">' . $title . '</h4>';
echo '<h4 class="sp-table-caption">' . wp_kses_post( $title ) . '</h4>';
}
$gallery_style = $gallery_div = '';
@@ -113,9 +113,9 @@ if ( apply_filters( 'use_default_gallery_style', ! $html5 ) ) {
}
$size_class = sanitize_html_class( $size );
$gallery_div = "<div id='$selector' class='gallery galleryid-{$id} gallery-columns-{$columns} gallery-size-{$size_class}'>";
echo apply_filters( 'gallery_style', $gallery_style . "\n\t\t" );
echo wp_kses_post( apply_filters( 'gallery_style', $gallery_style . "\n\t\t" ) );
?>
<?php echo $gallery_div; ?>
<?php echo wp_kses_post( $gallery_div ); ?>
<?php
if ( intval( $number ) > 0 ) {
$limit = $number;
@@ -201,7 +201,7 @@ endforeach;
echo '<div class="sp-player-gallery-wrapper sp-gallery-wrapper">';
echo $gallery;
echo wp_kses_post( $gallery );
if ( ! $html5 && $columns > 0 && ++$i % $columns == 0 ) {
echo '<br style="clear: both" />';
@@ -210,7 +210,7 @@ endforeach;
echo '</div>';
if ( $show_all_players_link && ( 'position' !== $grouping || $j == count( $groups ) ) ) {
echo '<div class="sp-player-gallery-link sp-gallery-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . __( 'View all players', 'sportspress' ) . '</a></div>';
echo '<div class="sp-player-gallery-link sp-gallery-link sp-view-all-link"><a href="' . esc_url( get_permalink( $id ) ) . '">' . esc_attr__( 'View all players', 'sportspress' ) . '</a></div>';
}
echo '</div>';
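Review bot: `wp_kses_post()` around `apply_filters( 'gallery_style', … )` removes the tags of a `<style>` element, since `style` is not on the post allowlist, while keeping the text between them. `$gallery_style` is built outside the hunk, so this needs confirming, but if it holds the usual inline gallery stylesheet the CSS would be printed as visible text and no longer applied. Either use a narrow `wp_kses()` allowlist that includes `style`, or keep the raw echo with a justified `phpcs:ignore`, as was done for the video embed. The team gallery template has the same line.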


@@ -145,7 +145,7 @@ foreach ( $groups as $group ) :
if ( in_array( $orderby, array( 'number', 'name' ) ) ) :
$thead .= '<th class="data-number">#</th>';
else :
$thead .= '<th class="data-rank">' . __( 'Rank', 'sportspress' ) . '</th>';
$thead .= '<th class="data-rank">' . esc_attr__( 'Rank', 'sportspress' ) . '</th>';
endif;
endif;
@@ -275,11 +275,11 @@ endforeach;
$output .= '</tbody>' . '</table>' . '</div>';
if ( $show_all_players_link ) :
$output .= '<div class="sp-player-list-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . __( 'View all players', 'sportspress' ) . '</a></div>';
$output .= '<div class="sp-player-list-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . esc_attr__( 'View all players', 'sportspress' ) . '</a></div>';
endif;
$output .= '</div>';
endforeach;
?>
<?php
echo $output;
echo wp_kses_post( $output );


@@ -80,7 +80,7 @@ if ( sizeof( $options ) > 1 ) :
?>
<div class="sp-template sp-template-player-selector sp-template-profile-selector">
<select class="sp-profile-selector sp-player-selector sp-selector-redirect">
<?php echo implode( $options ); ?>
<?php echo wp_kses_post( implode( $options ) ); ?>
</select>
</div>
<?php
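Review bot: `wp_kses_post( implode( $options ) )` is printed inside a `<select>`, and `option` is not among the tags the post allowlist keeps. If `$options` holds `<option>` elements (it is built outside the hunk), their tags are stripped and the dropdown loses its entries. A context-specific allowlist keeps the sanitising without losing the markup: `echo wp_kses( implode( $options ), array( 'option' => array( 'value' => true, 'selected' => true ) ) );`. The staff selector template has the same line.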


@@ -54,5 +54,5 @@ endforeach;
$output .= '</tbody>' . '</table>' . '</div>';
?>
<div class="sp-template sp-template-player-statistics">
<?php echo $output; ?>
<?php echo wp_kses_post( $output ); ?>
</div>


@@ -48,11 +48,11 @@ if ( $positions ) {
// Determine order of sections
if ( 1 == $sections ) {
$section_order = array(
1 => __( 'Defense', 'sportspress' ),
0 => __( 'Offense', 'sportspress' ),
1 => esc_attr__( 'Defense', 'sportspress' ),
0 => esc_attr__( 'Offense', 'sportspress' ),
);
} elseif ( 0 == $sections ) {
$section_order = array( __( 'Offense', 'sportspress' ), __( 'Defense', 'sportspress' ) );
$section_order = array( esc_attr__( 'Offense', 'sportspress' ), esc_attr__( 'Defense', 'sportspress' ) );
} else {
$section_order = array( -1 => null );
}
@@ -65,7 +65,7 @@ if ( is_array( $leagues ) ) :
}
if ( sizeof( $leagues ) > 1 ) {
printf( '<h3 class="sp-post-caption sp-player-statistics-section">%s</h3>', $section_label );
printf( '<h3 class="sp-post-caption sp-player-statistics-section">%s</h3>', wp_kses_post( $section_label ) );
}
foreach ( $leagues as $league ) :
@@ -94,7 +94,7 @@ if ( is_array( $leagues ) ) :
'player-statistics-league.php',
array(
'data' => $player->data( 0, false, $section_id ),
'caption' => __( 'Career Total', 'sportspress' ),
'caption' => esc_attr__( 'Career Total', 'sportspress' ),
'scrollable' => $scrollable,
'hide_teams' => true,
)


@@ -19,6 +19,6 @@ $post = get_post( $id );
$excerpt = $post->post_excerpt;
if ( $excerpt ) {
?>
<p class="sp-excerpt"><?php echo $excerpt; ?></p>
<p class="sp-excerpt"><?php echo wp_kses_post( $excerpt ); ?></p>
<?php
}


@@ -23,7 +23,7 @@ $content = $post->post_content;
if ( $content ) {
?>
<div class="sp-post-content">
<?php echo apply_filters( 'the_content', $content ); ?>
<?php echo wp_kses_post( apply_filters( 'the_content', $content ) ); ?>
</div>
<?php
}
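Review bot: Filtering the result of `apply_filters( 'the_content', $content )` with `wp_kses_post()` runs after shortcodes, embeds and blocks have rendered. Anything they emit outside the post allowlist, such as iframes from video embeds or forms, is removed from the page. Stored post content has already been through WordPress's save-time filtering for users without `unfiltered_html`, which is why core prints `the_content` output as is. I would keep the raw echo here with a justified suppression, e.g. `// phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped -- the_content output is rendered HTML.`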


@@ -48,7 +48,7 @@ if ( $show_nationality && $nationalities && is_array( $nationalities ) ) :
$country_name = sp_array_value( $countries, $nationality, null );
$values[] = $country_name ? ( $show_nationality_flags ? sp_flags( $nationality ) : '' ) . $country_name : '&mdash;';
endforeach;
$data[ __( 'Nationality', 'sportspress' ) ] = implode( '<br>', $values );
$data[ esc_attr__( 'Nationality', 'sportspress' ) ] = implode( '<br>', $values );
endif;
if ( $show_current_teams && $current_teams ) :
@@ -60,7 +60,7 @@ if ( $show_current_teams && $current_teams ) :
}
$teams[] = $team_name;
endforeach;
$data[ __( 'Current Team', 'sportspress' ) ] = implode( ', ', $teams );
$data[ esc_attr__( 'Current Team', 'sportspress' ) ] = implode( ', ', $teams );
endif;
if ( $show_past_teams && $past_teams ) :
@@ -72,7 +72,7 @@ if ( $show_past_teams && $past_teams ) :
}
$teams[] = $team_name;
endforeach;
$data[ __( 'Past Teams', 'sportspress' ) ] = implode( ', ', $teams );
$data[ esc_attr__( 'Past Teams', 'sportspress' ) ] = implode( ', ', $teams );
endif;
$data = apply_filters( 'sportspress_staff_details', $data, $id );
@@ -93,5 +93,5 @@ endforeach;
$output .= '</dl></div>';
?>
<div class="sp-template sp-template-staff-details sp-template-details">
<?php echo $output; ?>
<?php echo wp_kses_post( $output ); ?>
</div>


@@ -23,7 +23,7 @@ $excerpt = $post->post_excerpt;
if ( $excerpt ) {
?>
<p class="sp-excerpt">
<?php echo $excerpt; ?>
<?php echo wp_kses_post( $excerpt ); ?>
</p>
<?php
}


@@ -24,6 +24,6 @@ if ( $title ) {
$title = '<strong class="sp-staff-role">' . $role->name . '</strong> ' . $title;
}
?>
<h3 class="sp-staff-name"><?php echo $title; ?></h3>
<h3 class="sp-staff-name"><?php echo wp_kses_post( $title ); ?></h3>
<?php
}


@@ -72,7 +72,7 @@ if ( sizeof( $options ) > 1 ) :
?>
<div class="sp-template sp-template-staff-selector sp-template-profile-selector">
<select class="sp-profile-selector sp-staff-selector sp-selector-redirect">
<?php echo implode( $options ); ?>
<?php echo wp_kses_post( implode( $options ) ); ?>
</select>
</div>
<?php


@@ -26,7 +26,7 @@ if ( $terms ) :
foreach ( $terms as $term ) :
$leagues[] = $term->name;
endforeach;
$data[ __( 'Leagues', 'sportspress' ) ] = implode( ', ', $leagues );
$data[ esc_attr__( 'Leagues', 'sportspress' ) ] = implode( ', ', $leagues );
endif;
$terms = get_the_terms( $id, 'sp_season' );
@@ -35,19 +35,19 @@ if ( $terms ) :
foreach ( $terms as $term ) :
$seasons[] = $term->name;
endforeach;
$data[ __( 'Seasons', 'sportspress' ) ] = implode( ', ', $seasons );
$data[ esc_attr__( 'Seasons', 'sportspress' ) ] = implode( ', ', $seasons );
endif;
$terms = get_the_terms( $id, 'sp_venue' );
if ( $terms ) :
if ( get_option( 'sportspress_team_link_venues', 'no' ) === 'yes' ) :
$data[ __( 'Home', 'sportspress' ) ] = get_the_term_list( $id, 'sp_venue', '', ', ' );
$data[ esc_attr__( 'Home', 'sportspress' ) ] = get_the_term_list( $id, 'sp_venue', '', ', ' );
else :
$venues = array();
foreach ( $terms as $term ) :
$venues[] = $term->name;
endforeach;
$data[ __( 'Home', 'sportspress' ) ] = implode( ', ', $venues );
$data[ esc_attr__( 'Home', 'sportspress' ) ] = implode( ', ', $venues );
endif;
endif;
@@ -63,5 +63,5 @@ endforeach;
$output .= '</dl></div>';
?>
<div class="sp-template sp-template-team-details sp-template-details">
<?php echo $output; ?>
<?php echo wp_kses_post( $output ); ?>
</div>


@@ -37,10 +37,10 @@ if ( has_post_thumbnail( $id ) ) {
$thumbnail = '<img width="150" height="150" src="//www.gravatar.com/avatar/?s=150&d=blank&f=y" class="attachment-thumbnail wp-post-image">';
}
echo "<{$itemtag} class='gallery-item'>";
echo "
echo wp_kses_post( "<{$itemtag} class='gallery-item'>" );
echo wp_kses_post( "
<{$icontag} class='gallery-icon portrait'>"
. '<a href="' . get_permalink( $id ) . '">' . $thumbnail . '</a>'
. "</{$icontag}>";
echo $caption;
echo "</{$itemtag}>";
. "</{$icontag}>" );
echo wp_kses_post( $caption );
echo wp_kses_post( "</{$itemtag}>" );


@@ -70,7 +70,7 @@ elseif ( $orderby == 'rand' ) :
endif;
if ( $title ) {
echo '<h4 class="sp-table-caption">' . $title . '</h4>';
echo '<h4 class="sp-table-caption">' . wp_kses_post( $title ) . '</h4>';
}
$gallery_style = $gallery_div = '';
@@ -97,9 +97,9 @@ if ( apply_filters( 'use_default_gallery_style', ! $html5 ) ) {
}
$size_class = sanitize_html_class( $size );
$gallery_div = "<div id='$selector' class='gallery galleryid-{$id} gallery-columns-{$columns} gallery-size-{$size_class}'>";
echo apply_filters( 'gallery_style', $gallery_style . "\n\t\t" );
echo wp_kses_post( apply_filters( 'gallery_style', $gallery_style . "\n\t\t" ) );
?>
<?php echo $gallery_div; ?>
<?php echo wp_kses_post( $gallery_div ); ?>
<?php
if ( intval( $number ) > 0 ) {
$limit = $number;
@@ -143,7 +143,7 @@ echo apply_filters( 'gallery_style', $gallery_style . "\n\t\t" );
echo '<div class="sp-team-gallery-wrapper sp-gallery-wrapper">';
echo $gallery;
echo wp_kses_post( $gallery );
if ( ! $html5 && $columns > 0 && ++$i % $columns == 0 ) {
echo '<br style="clear: both" />';
@@ -152,7 +152,7 @@ echo apply_filters( 'gallery_style', $gallery_style . "\n\t\t" );
echo '</div>';
if ( $show_all_teams_link ) {
echo '<div class="sp-team-gallery-link sp-gallery-link sp-view-all-link"><a href="' . get_permalink( $id ) . '">' . __( 'View all teams', 'sportspress' ) . '</a></div>';
echo '<div class="sp-team-gallery-link sp-gallery-link sp-view-all-link"><a href="' . esc_url( get_permalink( $id ) ) . '">' . esc_attr__( 'View all teams', 'sportspress' ) . '</a></div>';
}
echo '</div>';


@@ -24,11 +24,11 @@ if ( empty( $url ) ) {
return false;
}
?>
<form action="<?php echo $url; ?>"
<form action="<?php echo esc_url( $url ); ?>"
<?php
if ( get_option( 'sportspress_team_site_target_blank', 'no' ) == 'yes' ) {
?>
target="_blank"<?php } ?>>
<input type="submit" class="button sp-button sp-team-button" value="<?php _e( 'Visit Site', 'sportspress' ); ?>">
<input type="submit" class="button sp-button sp-team-button" value="<?php esc_attr_e( 'Visit Site', 'sportspress' ); ?>">
</form>
<br>


@@ -24,7 +24,7 @@ foreach ( $lists as $list ) :
if ( $grouping == 0 && sizeof( $lists ) > 1 ) :
?>
<h4 class="sp-table-caption"><?php echo $list->post_title; ?></h4>
<h4 class="sp-table-caption"><?php echo wp_kses_post( $list->post_title ); ?></h4>
<?php
endif;


@@ -31,7 +31,7 @@ foreach ( $members as $staff ) :
$name = '<span class="sp-staff-role">' . implode( '<span class="sp-staff-role-delimiter">/</span>', $roles ) . '</span> ' . $name;
endif;
?>
<h4 class="sp-staff-name"><?php echo $link_staff ? '<a href="' . get_permalink( $id ) . '">' . $name . '</a>' : $name; ?></h4>
<h4 class="sp-staff-name"><?php echo $link_staff ? '<a href="' . esc_url( get_permalink( $id ) ) . '">' . wp_kses_post( $name ) . '</a>' : wp_kses_post( $name ); ?></h4>
<?php
sp_get_template( 'staff-photo.php', array( 'id' => $id ) );
sp_get_template( 'staff-details.php', array( 'id' => $id ) );