asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

FIX: The returned input field was not escaped correctly

Browse Source
This commit is contained in:
savvasha
2021-11-28 11:58:41 +02:00
parent 510d5a0620
commit 54868464f0
1 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
includes/admin/post-types/meta-boxes/class-sp-meta-box-player-statistics.php
View File

@@ -199,7 +199,18 @@ class SP_Meta_Box_Player_Statistics {
if ( 0 === $div_id ) { if ( 0 === $div_id ) {
esc_attr_e( 'Total', 'sportspress' ); esc_attr_e( 'Total', 'sportspress' );
} elseif ( 'WP_Error' != get_class( $div ) ) { } elseif ( 'WP_Error' != get_class( $div ) ) {
echo esc_attr( apply_filters( 'sportspress_meta_box_player_statistics_season_name', $div->name, $league_id, $div_id, $div_stats ) ); $allowed_html = array(
'input' => array(
'type' => array(),
'class' => array(),
'name' => array(),
'value' => array(),
'size' => array(),
'placeholder' => array(),
'id' => array(),
),
);
echo wp_kses( apply_filters( 'sportspress_meta_box_player_statistics_season_name', $div->name, $league_id, $div_id, $div_stats ), $allowed_html );
} }
?> ?>
</label> </label>