Replace with most suitable escape functions
This commit is contained in:
Brian Miyaji
@@ -79,7 +79,7 @@ class SP_Admin_Dashboard {
|
||||
<li class="countdown" data-countdown="<?php echo str_replace( '-', '/', get_gmt_from_date( $next_event->post_date ) ); ?>">
|
||||
<a href="<?php echo get_edit_post_link( $next_event->ID ); ?>">
|
||||
<?php printf( __( '<strong>%s</strong> until next event', 'sportspress' ), $interval->days . ' ' . __( 'days', 'sportspress' ) . ' ' . sprintf( '%02s:%02s:%02s', $interval->h, $interval->i, $interval->s ) ); ?>
|
||||
(<?php echo esc_attr( $next_event->post_title ); ?>)
|
||||
(<?php echo esc_html( $next_event->post_title ); ?>)
|
||||
</a>
|
||||
</li>
|
||||
<?php endif; ?>
|
||||
@@ -113,7 +113,7 @@ class SP_Admin_Dashboard {
|
||||
<div class="rss-widget">
|
||||
<ul>
|
||||
<?php foreach ($rss_items as $item) { ?>
|
||||
<li><a class="rsswidget" href="<?php echo esc_url( $item->get_permalink() ); ?>" target="_blank"><?php echo esc_attr( $item->get_title() ); ?></a> <span class="rss-date"><?php echo esc_attr( $item->get_date('j F Y') ); ?></span></li>
|
||||
<li><a class="rsswidget" href="<?php echo esc_url( $item->get_permalink() ); ?>" target="_blank"><?php echo esc_attr( $item->get_title() ); ?></a> <span class="rss-date"><?php echo esc_html( $item->get_date('j F Y') ); ?></span></li>
|
||||
<?php } ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
@@ -140,7 +140,7 @@ class SP_Admin_Setup_Wizard {
|
||||
<head>
|
||||
<meta name="viewport" content="width=device-width" />
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||
<title><?php _e( 'SportsPress', 'sportspress' ); ?> › <?php echo esc_attr( $this->steps[ $this->step ]['name'] ); ?></title>
|
||||
<title><?php _e( 'SportsPress', 'sportspress' ); ?> › <?php echo esc_html( $this->steps[ $this->step ]['name'] ); ?></title>
|
||||
<?php do_action( 'admin_print_styles' ); ?>
|
||||
<?php do_action( 'admin_head' ); ?>
|
||||
</head>
|
||||
@@ -264,7 +264,7 @@ class SP_Admin_Setup_Wizard {
|
||||
<?php
|
||||
foreach ( $options as $key => $val ) {
|
||||
?>
|
||||
<option value="<?php echo esc_attr( $key ); ?>" <?php selected( $sport, $key ); ?>><?php echo esc_attr( $val ); ?></option>
|
||||
<option value="<?php echo esc_attr( $key ); ?>" <?php selected( $sport, $key ); ?>><?php echo esc_html( $val ); ?></option>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
@@ -604,7 +604,7 @@ class SP_Admin_Setup_Wizard {
|
||||
if ( ! is_object( $obj ) ) continue;
|
||||
?>
|
||||
<tr>
|
||||
<th scope="row"><?php echo esc_attr( $obj->labels->singular_name ); ?></th>
|
||||
<th scope="row"><?php echo esc_html( $obj->labels->singular_name ); ?></th>
|
||||
<td><?php echo wp_kses_post( $description ); ?></td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
@@ -779,7 +779,7 @@ class SP_Admin_Setup_Wizard {
|
||||
<div class="sp-setup-next-steps">
|
||||
<?php foreach ( $steps as $class => $step ) { ?>
|
||||
<div class="sp-setup-next-steps-<?php echo esc_attr( $class ); ?>">
|
||||
<h2><?php echo esc_attr( $step['label'] ); ?></h2>
|
||||
<h2><?php echo esc_html( $step['label'] ); ?></h2>
|
||||
<ul>
|
||||
<li><?php echo wp_kses_post( $step['content'] ); ?></li>
|
||||
</ul>
|
||||
|
||||
@@ -475,7 +475,7 @@ if ( class_exists( 'WP_Importer' ) ) {
|
||||
<?php
|
||||
foreach( (new SP_Formats)->event as $name => $title ) {
|
||||
?>
|
||||
<li><input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $name ); ?>" checked="checked"> <label for="post-format-<?php echo esc_attr( $name ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $name ); ?>"><?php echo esc_attr( $title ); ?></label></li>
|
||||
<li><input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $name ); ?>" value="<?php echo esc_attr( $name ); ?>" checked="checked"> <label for="post-format-<?php echo esc_attr( $name ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $name ); ?>"><?php echo esc_html( $title ); ?></label></li>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -101,7 +101,7 @@ if ( class_exists( 'WP_Importer' ) ) {
|
||||
<select name="sp_columns[]" data-index="<?php echo array_search( $selected, array_keys( $this->columns ) ); ?>">
|
||||
<option value="0">— <?php _e( 'Disable', 'sportspress' ); ?> —</option>
|
||||
<?php foreach ( $this->columns as $key => $label ): ?>
|
||||
<option value="<?php echo esc_attr( $key ); ?>" <?php selected( $selected, $key ); ?>><?php echo esc_attr( $label ); ?></option>
|
||||
<option value="<?php echo esc_attr( $key ); ?>" <?php selected( $selected, $key ); ?>><?php echo esc_html( $label ); ?></option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
<?php
|
||||
|
||||
@@ -82,7 +82,7 @@ class SP_Admin_CPT_Calendar extends SP_Admin_CPT {
|
||||
if ( ! $team_id ) continue;
|
||||
$team = get_post( $team_id );
|
||||
if ( $team ):
|
||||
echo esc_attr( $team->post_title );
|
||||
echo esc_html( $team->post_title );
|
||||
if ( $team_id == $current_team ):
|
||||
echo '<span class="dashicons dashicons-yes" title="' . __( 'Current Team', 'sportspress' ) . '"></span>';
|
||||
endif;
|
||||
|
||||
@@ -58,20 +58,20 @@ class SP_Admin_CPT_Column extends SP_Admin_CPT {
|
||||
switch ( $column ):
|
||||
case 'sp_key':
|
||||
global $post;
|
||||
echo esc_attr( $post->post_name );
|
||||
echo esc_html( $post->post_name );
|
||||
break;
|
||||
case 'sp_equation':
|
||||
echo sp_get_post_equation( $post_id );
|
||||
echo esc_html( sp_get_post_equation( $post_id ) );
|
||||
break;
|
||||
case 'sp_precision':
|
||||
echo sp_get_post_precision( $post_id );
|
||||
echo esc_html( sp_get_post_precision( $post_id ) );
|
||||
break;
|
||||
case 'sp_order':
|
||||
echo sp_get_post_order( $post_id );
|
||||
echo esc_html( sp_get_post_order( $post_id ) );
|
||||
break;
|
||||
case 'sp_description':
|
||||
global $post;
|
||||
echo '<span class="description">' . $post->post_excerpt . '</span>';
|
||||
echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
|
||||
break;
|
||||
endswitch;
|
||||
}
|
||||
|
||||
@@ -220,7 +220,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
|
||||
|
||||
echo '<a class="sp-result sp-tip" tabindex="10" title="' . esc_attr( $team_results ) . '" data-team="' . esc_attr( $team_id ) . '" href="#">' . ( $team_result == '' ? '-' : apply_filters( 'sportspress_event_team_result_admin', $team_result, $post_id, $team_id ) ) . '</a>';
|
||||
echo '<input type="text" tabindex="10" class="sp-edit-result hidden small-text" data-team="' . esc_attr( $team_id ) . '" data-key="' . esc_attr( $main_result ) . '" value="' . esc_attr( $team_result ) . '"> ';
|
||||
echo esc_attr( $team->post_title );
|
||||
echo esc_html( $team->post_title );
|
||||
echo '<br>';
|
||||
endif;
|
||||
endforeach;
|
||||
@@ -248,7 +248,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
|
||||
case 'sp_day':
|
||||
$day = get_post_meta ( $post_id, 'sp_day', true );
|
||||
if ( '' === $day ) $day = __( 'Default', 'sportspress' );
|
||||
echo esc_attr( $day );
|
||||
echo esc_html( $day );
|
||||
break;
|
||||
endswitch;
|
||||
}
|
||||
|
||||
@@ -85,7 +85,7 @@ class SP_Admin_CPT_List extends SP_Admin_CPT {
|
||||
foreach( $teams as $team_id ):
|
||||
if ( ! $team_id ) continue;
|
||||
$team = get_post( $team_id );
|
||||
if ( $team ) echo esc_attr( $team->post_title ) . '<br>';
|
||||
if ( $team ) echo esc_html( $team->post_title ) . '<br>';
|
||||
endforeach;
|
||||
endif;
|
||||
break;
|
||||
|
||||
@@ -55,11 +55,11 @@ class SP_Admin_CPT_Metric extends SP_Admin_CPT {
|
||||
switch ( $column ):
|
||||
case 'sp_key':
|
||||
global $post;
|
||||
echo esc_attr( $post->post_name );
|
||||
echo esc_html( $post->post_name );
|
||||
break;
|
||||
case 'sp_description':
|
||||
global $post;
|
||||
echo '<span class="description">' . $post->post_excerpt . '</span>';
|
||||
echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
|
||||
break;
|
||||
endswitch;
|
||||
}
|
||||
|
||||
@@ -56,15 +56,15 @@ class SP_Admin_CPT_Outcome extends SP_Admin_CPT {
|
||||
switch ( $column ):
|
||||
case 'sp_key':
|
||||
global $post;
|
||||
echo esc_attr( $post->post_name );
|
||||
echo esc_html( $post->post_name );
|
||||
break;
|
||||
case 'sp_abbreviation':
|
||||
global $post;
|
||||
echo sp_get_post_abbreviation( $post->ID );
|
||||
echo esc_html( sp_get_post_abbreviation( $post->ID ) );
|
||||
break;
|
||||
case 'sp_description':
|
||||
global $post;
|
||||
echo '<span class="description">' . $post->post_excerpt . '</span>';
|
||||
echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
|
||||
break;
|
||||
endswitch;
|
||||
}
|
||||
|
||||
@@ -61,19 +61,19 @@ class SP_Admin_CPT_Performance extends SP_Admin_CPT {
|
||||
break;
|
||||
case 'sp_key':
|
||||
global $post;
|
||||
echo esc_attr( $post->post_name );
|
||||
echo esc_html( $post->post_name );
|
||||
break;
|
||||
case 'sp_section':
|
||||
global $post;
|
||||
echo sp_get_post_section( $post->ID );
|
||||
echo esc_html( sp_get_post_section( $post->ID ) );
|
||||
break;
|
||||
case 'sp_config_format':
|
||||
global $post;
|
||||
echo sp_get_post_format( $post->ID );
|
||||
echo esc_html( sp_get_post_format( $post->ID ) );
|
||||
break;
|
||||
case 'sp_description':
|
||||
global $post;
|
||||
echo '<span class="description">' . $post->post_excerpt . '</span>';
|
||||
echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
|
||||
break;
|
||||
endswitch;
|
||||
}
|
||||
|
||||
@@ -110,7 +110,7 @@ class SP_Admin_CPT_Player extends SP_Admin_CPT {
|
||||
if ( ! $team_id ) continue;
|
||||
$team = get_post( $team_id );
|
||||
if ( $team ):
|
||||
echo esc_attr( $team->post_title );
|
||||
echo esc_html( $team->post_title );
|
||||
if ( in_array( $team_id, $current_teams ) ):
|
||||
echo '<span class="dashicons dashicons-yes" title="' . __( 'Current Team', 'sportspress' ) . '"></span>';
|
||||
endif;
|
||||
@@ -257,14 +257,14 @@ class SP_Admin_CPT_Player extends SP_Admin_CPT {
|
||||
<input type="hidden" name="sp_current_team[]" value="0">
|
||||
<ul class="cat-checklist">
|
||||
<?php foreach ( $teams as $team ) { ?>
|
||||
<li><label class="selectit"><input value="<?php echo esc_attr( $team->ID ); ?>" type="checkbox" name="sp_current_team[]"> <?php echo esc_attr( $team->post_title ); ?></label></li>
|
||||
<li><label class="selectit"><input value="<?php echo esc_attr( $team->ID ); ?>" type="checkbox" name="sp_current_team[]"> <?php echo esc_html( $team->post_title ); ?></label></li>
|
||||
<?php } ?>
|
||||
</ul>
|
||||
<span class="title inline-edit-categories-label"><?php _e( 'Past Teams', 'sportspress' ); ?></span>
|
||||
<input type="hidden" name="sp_past_team[]" value="0">
|
||||
<ul class="cat-checklist">
|
||||
<?php foreach ( $teams as $team ) { ?>
|
||||
<li><label class="selectit"><input value="<?php echo esc_attr( $team->ID ); ?>" type="checkbox" name="sp_past_team[]"> <?php echo esc_attr( $team->post_title ); ?></label></li>
|
||||
<li><label class="selectit"><input value="<?php echo esc_attr( $team->ID ); ?>" type="checkbox" name="sp_past_team[]"> <?php echo esc_html( $team->post_title ); ?></label></li>
|
||||
<?php } ?>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
@@ -55,7 +55,7 @@ class SP_Admin_CPT_Result extends SP_Admin_CPT {
|
||||
switch ( $column ):
|
||||
case 'sp_key':
|
||||
global $post;
|
||||
echo esc_attr( $post->post_name ) . 'for, ' . esc_attr( $post->post_name ) . 'against';
|
||||
echo esc_html( $post->post_name ) . 'for, ' . esc_html( $post->post_name ) . 'against';
|
||||
break;
|
||||
case 'sp_description':
|
||||
global $post;
|
||||
|
||||
@@ -55,11 +55,11 @@ class SP_Admin_CPT_Spec extends SP_Admin_CPT {
|
||||
switch ( $column ):
|
||||
case 'sp_key':
|
||||
global $post;
|
||||
echo esc_attr( $post->post_name );
|
||||
echo esc_html( $post->post_name );
|
||||
break;
|
||||
case 'sp_description':
|
||||
global $post;
|
||||
echo '<span class="description">' . $post->post_excerpt . '</span>';
|
||||
echo '<span class="description">' . wp_kses_post( $post->post_excerpt ) . '</span>';
|
||||
break;
|
||||
endswitch;
|
||||
}
|
||||
|
||||
@@ -92,7 +92,7 @@ class SP_Admin_CPT_Staff extends SP_Admin_CPT {
|
||||
if ( ! $team_id ) continue;
|
||||
$team = get_post( $team_id );
|
||||
if ( $team ):
|
||||
echo esc_attr( $team->post_title );
|
||||
echo esc_html( $team->post_title );
|
||||
if ( in_array( $team_id, $current_teams ) ):
|
||||
echo '<span class="dashicons dashicons-yes" title="' . __( 'Current Team', 'sportspress' ) . '"></span>';
|
||||
endif;
|
||||
|
||||
@@ -61,13 +61,13 @@ class SP_Admin_CPT_Statistic extends SP_Admin_CPT {
|
||||
break;
|
||||
case 'sp_key':
|
||||
global $post;
|
||||
echo esc_attr( $post->post_name );
|
||||
echo esc_html( $post->post_name );
|
||||
break;
|
||||
case 'sp_equation':
|
||||
echo sp_get_post_equation( $post_id );
|
||||
echo esc_html( sp_get_post_equation( $post_id ) );
|
||||
break;
|
||||
case 'sp_precision':
|
||||
echo sp_get_post_precision( $post_id );
|
||||
echo esc_html( sp_get_post_precision( $post_id ) );
|
||||
break;
|
||||
case 'sp_description':
|
||||
global $post;
|
||||
|
||||
@@ -24,7 +24,7 @@ class SP_Meta_Box_Calendar_Format {
|
||||
?>
|
||||
<div id="post-formats-select">
|
||||
<?php foreach ( SP()->formats->calendar as $key => $format ): ?>
|
||||
<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'calendar' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></label><br>
|
||||
<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'calendar' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $format ); ?></label><br>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
@@ -85,7 +85,7 @@ class SP_Meta_Box_Player_Details {
|
||||
<?php foreach ( $continents as $continent => $countries ): ?>
|
||||
<optgroup label="<?php echo esc_attr( $continent ); ?>">
|
||||
<?php foreach ( $countries as $code => $country ): ?>
|
||||
<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( in_array( $code, $nationalities ) ); ?>><?php echo esc_attr( $country ); ?></option>
|
||||
<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( in_array( $code, $nationalities ) ); ?>><?php echo esc_html( $country ); ?></option>
|
||||
<?php endforeach; ?>
|
||||
</optgroup>
|
||||
<?php endforeach; ?>
|
||||
|
||||
@@ -81,7 +81,7 @@ class SP_Meta_Box_Table_Details {
|
||||
do_action( 'sportspress_meta_box_table_details', $post->ID );
|
||||
?>
|
||||
<p><strong>
|
||||
<?php echo sp_get_post_mode_label( $post->ID ); ?>
|
||||
<?php echo esc_html( sp_get_post_mode_label( $post->ID ) ); ?>
|
||||
</strong></p>
|
||||
<p class="sp-select-setting">
|
||||
<select name="sp_select">
|
||||
|
||||
@@ -24,7 +24,7 @@ class SP_Meta_Box_Table_Format {
|
||||
?>
|
||||
<div id="post-formats-select">
|
||||
<?php foreach ( SP()->formats->table as $key => $format ): ?>
|
||||
<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'standings' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></label><br>
|
||||
<input type="radio" name="sp_format" class="post-format" id="post-format-<?php echo esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" <?php checked( true, ( $key == 'standings' && ! $the_format ) || $the_format == $key ); ?>> <label for="post-format-<?php echo esc_attr( $key ); ?>" class="post-format-icon post-format-<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $format ); ?></label><br>
|
||||
<?php endforeach; ?>
|
||||
</div>
|
||||
<?php
|
||||
|
||||
@@ -39,8 +39,8 @@ $columns = get_option( 'sportspress_player_columns', 'auto' );
|
||||
<tr<?php if ( $i % 2 == 0 ) echo ' class="alternate"'; ?>>
|
||||
<td class="row-title"><?php echo esc_attr( $row->post_title ); ?></td>
|
||||
<td><code><?php echo esc_attr( $row->post_name ); ?></code></td>
|
||||
<td><?php echo sp_get_post_abbreviation( $row->ID ); ?></td>
|
||||
<td><?php echo sp_get_post_condition( $row->ID ); ?></td>
|
||||
<td><?php echo esc_html( sp_get_post_abbreviation( $row->ID ) ); ?></td>
|
||||
<td><?php echo esc_html( sp_get_post_condition( $row->ID ) ); ?></td>
|
||||
<td><p class="description"><?php echo wp_kses_post( $row->post_excerpt ); ?></p></td>
|
||||
<td class="edit"><a class="button" href="<?php echo get_edit_post_link( $row->ID ); ?>"><?php _e( 'Edit', 'sportspress' ); ?></s></td>
|
||||
</tr>
|
||||
@@ -216,8 +216,8 @@ $columns = get_option( 'sportspress_player_columns', 'auto' );
|
||||
</td>
|
||||
<td class="row-title"><?php echo esc_html( $row->post_title ); ?></td>
|
||||
<td><code><?php echo esc_attr( $row->post_name ); ?></code></td>
|
||||
<td><?php echo sp_get_post_section( $row->ID ); ?></td>
|
||||
<td><?php echo sp_get_post_format( $row->ID ); ?></td>
|
||||
<td><?php echo esc_html( sp_get_post_section( $row->ID ) ); ?></td>
|
||||
<td><?php echo esc_html( sp_get_post_format( $row->ID ) ); ?></td>
|
||||
<?php if ( 'auto' === $columns ) { ?>
|
||||
<td>
|
||||
<?php if ( $visible ) { ?><i class="dashicons dashicons-yes"></i><?php } else { ?> <?php } ?>
|
||||
|
||||
Reference in New Issue
Block a user