asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escapes based on phpcs #5

Browse Source
This commit is contained in:
savvasha
2021-11-11 16:17:02 +02:00
parent 204b2dde61
commit 732117b031
5 changed files with 206 additions and 206 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
includes/admin/settings/class-sp-settings-general.php
View File

@@ -354,12 +354,12 @@ if ( ! class_exists( 'SP_Settings_General' ) ) :
?> ?>
<tr valign="top"> <tr valign="top">
<th scope="row" class="titledesc"> <th scope="row" class="titledesc">
<label for="timezone_string"><?php _e( 'Timezone', 'sportspress' ); ?> <i class="dashicons dashicons-editor-help sp-desc-tip" title="<?php _e( 'Choose a city in the same timezone as you.', 'sportspress' ); ?>"></i></label> <label for="timezone_string"><?php esc_html_e( 'Timezone', 'sportspress' ); ?> <i class="dashicons dashicons-editor-help sp-desc-tip" title="<?php esc_attr_e( 'Choose a city in the same timezone as you.', 'sportspress' ); ?>"></i></label>
</th> </th>
<td class="forminp"> <td class="forminp">
<legend class="screen-reader-text"><span><?php _e( 'Timezone', 'sportspress' ); ?></span></legend> <legend class="screen-reader-text"><span><?php esc_html_e( 'Timezone', 'sportspress' ); ?></span></legend>
<select id="timezone_string" name="timezone_string" class="<?php echo $class; ?>"> <select id="timezone_string" name="timezone_string" class="<?php echo esc_attr( $class ); ?>">
<?php echo wp_timezone_choice( $tzstring ); ?> <?php echo esc_html( wp_timezone_choice( $tzstring ) ); ?>
</select> </select>
</td> </td>
</tr> </tr>
@@ -390,13 +390,13 @@ if ( ! class_exists( 'SP_Settings_General' ) ) :
?> ?>
<tr valign="top" class="themeboy"> <tr valign="top" class="themeboy">
<th scope="row" class="titledesc"> <th scope="row" class="titledesc">
<?php _e( 'Color Scheme', 'sportspress' ); ?> <?php esc_html_e( 'Color Scheme', 'sportspress' ); ?>
</th> </th>
<td class="forminp"> <td class="forminp">
<fieldset> <fieldset>
<?php foreach ( $color_schemes as $name => $colors ) { ?> <?php foreach ( $color_schemes as $name => $colors ) { ?>
<div class="color-option sp-color-option"> <div class="color-option sp-color-option">
<label data-sp-colors="<?php echo implode( ',', $colors ); ?>"><?php echo esc_html( $name ); ?></label> <label data-sp-colors="<?php echo implode( ',', array_map( 'esc_attr', $colors ) ); ?>"><?php echo esc_html( $name ); ?></label>
<table class="color-palette"> <table class="color-palette">
<tbody> <tbody>
<tr> <tr>
@@ -411,7 +411,7 @@ if ( ! class_exists( 'SP_Settings_General' ) ) :
</fieldset> </fieldset>
<fieldset> <fieldset>
<div class="sp-custom-colors"> <div class="sp-custom-colors">
<label data-sp-colors="<?php echo implode( ',', $colors ); ?>"><?php _e( 'Customize', 'sportspress' ); ?></label><br> <label data-sp-colors="<?php echo implode( ',', array_map( 'esc_attr', $colors ) ); ?>"><?php esc_html_e( 'Customize', 'sportspress' ); ?></label><br>
<?php <?php
// Get settings // Get settings
$colors = array_map( 'esc_attr', (array) get_option( 'themeboy', array() ) ); $colors = array_map( 'esc_attr', (array) get_option( 'themeboy', array() ) );
@@ -453,7 +453,7 @@ if ( ! class_exists( 'SP_Settings_General' ) ) :
<br> <br>
<label for="sportspress_frontend_css_customize"> <label for="sportspress_frontend_css_customize">
<input name="sportspress_frontend_css_customize" id="sportspress_frontend_css_customize" type="checkbox" value="1" <?php checked( $colors['customize'] ); ?>> <input name="sportspress_frontend_css_customize" id="sportspress_frontend_css_customize" type="checkbox" value="1" <?php checked( $colors['customize'] ); ?>>
<?php _e( 'Enable', 'sportspress' ); ?> <?php esc_html_e( 'Enable', 'sportspress' ); ?>
</label> </label>
<?php endif; ?> <?php endif; ?>
</div> </div>

386
includes/class-sp-ajax.php
View File

File diff suppressed because it is too large Load Diff

4
includes/class-sp-template-loader.php
View File

@@ -34,7 +34,7 @@ class SP_Template_Loader {
// Return password form if required // Return password form if required
if ( post_password_required() ) { if ( post_password_required() ) {
echo get_the_password_form(); echo wp_kses_post( get_the_password_form() );
return; return;
} }
@@ -126,7 +126,7 @@ class SP_Template_Loader {
// Put tab content into buffer // Put tab content into buffer
ob_start(); ob_start();
if ( 'content' === $key ) { if ( 'content' === $key ) {
echo $content; echo wp_kses_post( $content );
} else { } else {
call_user_func( $template['action'] ); call_user_func( $template['action'] );
} }

2
includes/sp-deprecated-functions.php
View File

@@ -219,7 +219,7 @@ if ( ! function_exists( 'sp_get_short_name' ) ) {
if ( ! function_exists( 'sp_short_name' ) ) { if ( ! function_exists( 'sp_short_name' ) ) {
function sp_short_name( $post = 0 ) { function sp_short_name( $post = 0 ) {
echo sp_get_short_name( $post ); echo wp_kses_post( sp_get_short_name( $post ) );
} }
} }

4
sportspress.php
View File

@@ -89,7 +89,7 @@ if ( ! class_exists( 'SportsPress' ) ) :
* @since 0.7 * @since 0.7
*/ */
public function __clone() { public function __clone() {
_doing_it_wrong( __FUNCTION__, __( 'Cheatin&#8217; huh?', 'sportspress' ), '0.7' ); _doing_it_wrong( __FUNCTION__, esc_html__( 'Cheatin&#8217; huh?', 'sportspress' ), '0.7' );
} }
/** /**
@@ -98,7 +98,7 @@ if ( ! class_exists( 'SportsPress' ) ) :
* @since 0.7 * @since 0.7
*/ */
public function __wakeup() { public function __wakeup() {
_doing_it_wrong( __FUNCTION__, __( 'Cheatin&#8217; huh?', 'sportspress' ), '0.7' ); _doing_it_wrong( __FUNCTION__, esc_html__( 'Cheatin&#8217; huh?', 'sportspress' ), '0.7' );
} }
/** /**