Escape several output vars at Admin Settings page

This commit is contained in:
Savvas Hadjigeorgiou
2021-11-05 13:21:58 +02:00
parent 75fd238e14
commit 4841d5948b


@@ -252,7 +252,7 @@ class SP_Admin_Settings {
if ( $tip && in_array( $value['type'], array( 'checkbox' ) ) ) { if ( $tip && in_array( $value['type'], array( 'checkbox' ) ) ) {
$tip = '<p class="description">' . $tip . '</p>'; $tip = '<p class="description">' . esc_attr( $tip ) . '</p>';
} elseif ( $tip ) { } elseif ( $tip ) {
@@ -311,9 +311,9 @@ class SP_Admin_Settings {
?><tr valign="top"> ?><tr valign="top">
<th scope="row" class="titledesc"> <th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label> <label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label>
<?php echo $tip; ?> <?php echo esc_html( $tip ); ?>
</th> </th>
<td class="forminp forminp-<?php echo sanitize_title( $value['type'] ) ?>"> <td class="forminp forminp-<?php echo esc_attr( $value['type'] ) ?>">
<input <input
name="<?php echo esc_attr( $value['id'] ); ?>" name="<?php echo esc_attr( $value['id'] ); ?>"
id="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>"
@@ -323,7 +323,7 @@ class SP_Admin_Settings {
placeholder="<?php echo esc_attr( $value['placeholder'] ); ?>" placeholder="<?php echo esc_attr( $value['placeholder'] ); ?>"
class="<?php echo esc_attr( $value['class'] ); ?>" class="<?php echo esc_attr( $value['class'] ); ?>"
<?php echo implode( ' ', $custom_attributes ); ?> <?php echo implode( ' ', $custom_attributes ); ?>
/> <?php echo $description; ?> /> <?php echo wp_kses_post( $description ); ?>
</td> </td>
</tr><?php </tr><?php
break; break;
@@ -336,10 +336,10 @@ class SP_Admin_Settings {
?><tr valign="top"> ?><tr valign="top">
<th scope="row" class="titledesc"> <th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label> <label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label>
<?php echo $tip; ?> <?php echo esc_html( $tip ); ?>
</th> </th>
<td class="forminp forminp-<?php echo sanitize_title( $value['type'] ) ?>"> <td class="forminp forminp-<?php echo esc_attr( $value['type'] ) ?>">
<?php echo $description; ?> <?php echo wp_kses_post( $description ); ?>
<textarea <textarea
name="<?php echo esc_attr( $value['id'] ); ?>" name="<?php echo esc_attr( $value['id'] ); ?>"
@@ -361,9 +361,9 @@ class SP_Admin_Settings {
?><tr valign="top"> ?><tr valign="top">
<th scope="row" class="titledesc"> <th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label> <label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label>
<?php echo $tip; ?> <?php echo esc_html( $tip ); ?>
</th> </th>
<td class="forminp forminp-<?php echo sanitize_title( $value['type'] ) ?>"> <td class="forminp forminp-<?php echo esc_attr( $value['type'] ) ?>">
<select <select
name="<?php echo esc_attr( $value['id'] ); ?><?php if ( $value['type'] == 'multiselect' ) echo '[]'; ?>" name="<?php echo esc_attr( $value['id'] ); ?><?php if ( $value['type'] == 'multiselect' ) echo '[]'; ?>"
id="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>"
@@ -382,11 +382,11 @@ class SP_Admin_Settings {
else else
selected( $option_value, $key ); selected( $option_value, $key );
?>><?php echo $val ?></option> ?>><?php echo esc_attr( $val ); ?></option>
<?php <?php
} }
?> ?>
</select> <?php echo $description; ?> </select> <?php echo wp_kses_post( $description ); ?>
</td> </td>
</tr><?php </tr><?php
break; break;
@@ -399,9 +399,9 @@ class SP_Admin_Settings {
?><tr valign="top"> ?><tr valign="top">
<th scope="row" class="titledesc"> <th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label> <label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label>
<?php echo $tip; ?> <?php echo esc_html( $tip ); ?>
</th> </th>
<td class="forminp forminp-<?php echo sanitize_title( $value['type'] ) ?>"> <td class="forminp forminp-<?php echo esc_attr( $value['type'] ) ?>">
<select <select
name="<?php echo esc_attr( $value['id'] ); ?><?php if ( $value['type'] == 'multiselect' ) echo '[]'; ?>" name="<?php echo esc_attr( $value['id'] ); ?><?php if ( $value['type'] == 'multiselect' ) echo '[]'; ?>"
id="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>"
@@ -424,7 +424,7 @@ class SP_Admin_Settings {
else else
selected( $option_value, $key ); selected( $option_value, $key );
?>><?php echo $val ?></option> ?>><?php echo esc_attr( $val ); ?></option>
<?php <?php
} }
?> ?>
@@ -432,7 +432,7 @@ class SP_Admin_Settings {
<?php <?php
} }
?> ?>
</select> <?php echo $description; ?> </select> <?php echo wp_kses_post( $description ); ?>
</td> </td>
</tr><?php </tr><?php
break; break;
@@ -449,9 +449,9 @@ class SP_Admin_Settings {
?><tr valign="top"> ?><tr valign="top">
<th scope="row" class="titledesc"> <th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label> <label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label>
<?php echo $tip; ?> <?php echo esc_html( $tip ); ?>
</th> </th>
<td class="forminp forminp-<?php echo sanitize_title( $value['type'] ) ?>"> <td class="forminp forminp-<?php echo esc_attr( $value['type'] ) ?>">
<select <select
name="<?php echo esc_attr( $value['id'] ); ?><?php if ( $value['type'] == 'multiselect' ) echo '[]'; ?>" name="<?php echo esc_attr( $value['id'] ); ?><?php if ( $value['type'] == 'multiselect' ) echo '[]'; ?>"
id="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>"
@@ -474,7 +474,7 @@ class SP_Admin_Settings {
else else
selected( $option_value, $key ); selected( $option_value, $key );
?>><?php echo $val ?></option> ?>><?php echo esc_attr( $val ); ?></option>
<?php <?php
} }
?> ?>
@@ -482,7 +482,7 @@ class SP_Admin_Settings {
<?php <?php
} }
?> ?>
</select> <?php echo $description; ?> <a class="button button-small sp-configure-sport" href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'sportspress-config' ), 'admin.php' ) ) ); ?>"><?php _e( 'Configure', 'sportspress' ); ?></a> </select> <?php echo wp_kses_post( $description ); ?> <a class="button button-small sp-configure-sport" href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'sportspress-config' ), 'admin.php' ) ) ); ?>"><?php _e( 'Configure', 'sportspress' ); ?></a>
<p> <p>
<label> <label>
<input type="checkbox" name="add_sample_data" id="add_sample_data" <?php checked( sp_array_value( $value, 'welcome' ) ); ?>> <input type="checkbox" name="add_sample_data" id="add_sample_data" <?php checked( sp_array_value( $value, 'welcome' ) ); ?>>
@@ -501,11 +501,11 @@ class SP_Admin_Settings {
?><tr valign="top"> ?><tr valign="top">
<th scope="row" class="titledesc"> <th scope="row" class="titledesc">
<label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label> <label for="<?php echo esc_attr( $value['id'] ); ?>"><?php echo esc_html( $value['title'] ); ?></label>
<?php echo $tip; ?> <?php echo wp_kses_post( $tip ); ?>
</th> </th>
<td class="forminp forminp-<?php echo sanitize_title( $value['type'] ) ?>"> <td class="forminp forminp-<?php echo esc_attr( $value['type'] ) ?>">
<fieldset> <fieldset>
<?php echo $description; ?> <?php echo wp_kses_post( $description ); ?>
<ul> <ul>
<?php <?php
foreach ( $value['options'] as $key => $val ) { foreach ( $value['options'] as $key => $val ) {
@@ -513,13 +513,13 @@ class SP_Admin_Settings {
<li> <li>
<label><input <label><input
name="<?php echo esc_attr( $value['id'] ); ?>" name="<?php echo esc_attr( $value['id'] ); ?>"
value="<?php echo $key; ?>" value="<?php echo esc_attr( $key ); ?>"
type="radio" type="radio"
style="<?php echo esc_attr( $value['css'] ); ?>" style="<?php echo esc_attr( $value['css'] ); ?>"
class="<?php echo esc_attr( $value['class'] ); ?>" class="<?php echo esc_attr( $value['class'] ); ?>"
<?php echo implode( ' ', $custom_attributes ); ?> <?php echo implode( ' ', $custom_attributes ); ?>
<?php checked( $key, $option_value ); ?> <?php checked( $key, $option_value ); ?>
/> <?php echo $val ?></label> /> <?php echo esc_attr( $val ); ?></label>
</li> </li>
<?php <?php
} }
@@ -572,7 +572,7 @@ class SP_Admin_Settings {
} }
?> ?>
<label for="<?php echo $value['id'] ?>"> <label for="<?php echo esc_attr( $value['id'] ); ?>">
<input <input
name="<?php echo esc_attr( $value['id'] ); ?>" name="<?php echo esc_attr( $value['id'] ); ?>"
id="<?php echo esc_attr( $value['id'] ); ?>" id="<?php echo esc_attr( $value['id'] ); ?>"
@@ -580,8 +580,8 @@ class SP_Admin_Settings {
value="1" value="1"
<?php checked( $option_value, 'yes'); ?> <?php checked( $option_value, 'yes'); ?>
<?php echo implode( ' ', $custom_attributes ); ?> <?php echo implode( ' ', $custom_attributes ); ?>
/> <?php echo $description ?> /> <?php echo wp_kses_post( $description ); ?>
</label> <?php echo $tip; ?> </label> <?php echo wp_kses_post( $tip ); ?>
<?php <?php
if ( ! isset( $value['checkboxgroup'] ) || 'end' == $value['checkboxgroup'] ) { if ( ! isset( $value['checkboxgroup'] ) || 'end' == $value['checkboxgroup'] ) {
@@ -627,7 +627,7 @@ class SP_Admin_Settings {
if ( ! isset( $value['id'] ) ) if ( ! isset( $value['id'] ) )
continue; continue;
$type = isset( $value['type'] ) ? sanitize_title( $value['type'] ) : ''; $type = isset( $value['type'] ) ? esc_attr( $value['type'] ) : '';
// Get the option name // Get the option name
$option_value = null; $option_value = null;
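Review bot: The `$type` assignment in the last hunk is not an output site — the variable appears to be kept for control flow further down the loop (the enclosing method starts before this hunk and continues past it) — so replacing `sanitize_title()` with `esc_attr()` adds no protection and drops the normalisation (lower-casing, slugging) the old call performed; escaping belongs at the `echo` and sanitisation on the way in, so keep `$type = isset( $value['type'] ) ? sanitize_title( $value['type'] ) : '';` (or `sanitize_key()`). The same trade shows in the render hunks' `class="forminp forminp-<?php echo esc_attr( $value['type'] ) ?>"`, where a type containing spaces or capitals now yields a different class than the slug `sanitize_title()` used to emit. Escaping is also context-specific: `esc_attr( $val )` fills the `<option>` and radio `<label>` text nodes, where `esc_html()` is the matching call — the two encode the same characters in core, so this is a consistency point rather than an exploitable gap. Finally, `$tip` is escaped with `esc_html()` in the text, textarea and select rows but with `wp_kses_post()` in the radio and checkbox rows; if the non-checkbox branch of the `$tip` builder (its body is not in the first hunk) emits markup, `esc_html()` will print the tags literally whereas `wp_kses_post()` keeps the tooltip intact.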