Escape output vars of includes files (#1)

This commit is contained in:
savvasha
2021-11-06 12:34:49 +02:00
parent 0c9a9dc104
commit e24a9fa4eb
4 changed files with 10 additions and 10 deletions


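--- a/<path not shown on page: class SP_AJAX>
+++ b/<path not shown on page: class SP_AJAX>
@@ -554,7 +554,7 @@ class SP_AJAX {
 <option value="default">Default</option>
 <option value="all">All</option>
 <?php foreach ( SP()->formats->event as $key => $format ): ?>
-<option value="<?php echo $key; ?>"><?php echo $format; ?></option>
+<option value="<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></option>
 <?php endforeach; ?>
 </select>
 </label>
@@ -634,7 +634,7 @@ class SP_AJAX {
 $field_id = 'columns';
 ?>
 <?php foreach ( $the_columns as $key => $label ): ?>
-<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . $key; ?>" value="<?php echo $key; ?>" checked="checked"><?php echo $label; ?></label>
+<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . $key; ?>" value="<?php echo $key; ?>" checked="checked"><?php echo esc_html( $label ); ?></label>
 <?php endforeach; ?>
 </p>
 <p>
@@ -761,7 +761,7 @@ class SP_AJAX {
 <option value="default">Default</option>
 <option value="all">All</option>
 <?php foreach ( SP()->formats->event as $key => $format ): ?>
-<option value="<?php echo $key; ?>"><?php echo $format; ?></option>
+<option value="<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></option>
 <?php endforeach; ?>
 </select>
 </label>
@@ -898,7 +898,7 @@ class SP_AJAX {
 $field_id = 'columns';
 ?>
 <?php foreach ( $the_columns as $column ): ?>
-<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . $column->post_name; ?>" value="<?php echo $column->post_name; ?>" checked="checked"><?php echo $column->post_title; ?></label>
+<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label>
 <?php endforeach; ?>
 </p>
 <p>
@@ -1152,7 +1152,7 @@ class SP_AJAX {
 <label class="button"><input name="columns[]" type="checkbox" id="columns-team" value="team" checked="checked"><?php _e( 'Team', 'sportspress' ); ?></label>
 <label class="button"><input name="columns[]" type="checkbox" id="columns-position" value="position" checked="checked"><?php _e( 'Position', 'sportspress' ); ?></label>
 <?php foreach ( $the_columns as $column ): ?>
-<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . $column->post_name; ?>" value="<?php echo $column->post_name; ?>" checked="checked"><?php echo $column->post_title; ?></label>
+<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label>
 <?php endforeach; ?>
 </p>
 <p>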
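Review bot: In the hunk at line 634, `$key` is still echoed raw into the `id` and `value` attributes of the checkbox while only `$label` gets `esc_html()`; the two later hunks (898 and 1152) escape the same positions with `esc_attr()`, so this one should match: `id="<?php echo esc_attr( $field_id . '-' . $key ); ?>" value="<?php echo esc_attr( $key ); ?>"`. `$field_name` is echoed unescaped into the `name` attribute in all three checkbox hunks; where it is assigned is outside these hunks, so unless it is a fixed literal it needs `esc_attr()` as well. In the two `<option>` hunks (554 and 761), `$format` is element text rather than an attribute value, so `esc_html( $format )` is the context-matching escaper, even though WordPress's `esc_attr` encodes the same character set. The enclosing methods start and end outside these hunks.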


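--- a/<path not shown on page: class SP_Countries>
+++ b/<path not shown on page: class SP_Countries>
@@ -748,9 +748,9 @@ class SP_Countries {
 public function country_dropdown_options( $selected_country = '', $escape = false ) {
 if ( $this->continents ) foreach ( $this->continents as $continent => $countries ):
 ?>
-<optgroup label="<?php echo $continent; ?>">
+<optgroup label="<?php echo esc_attr( $continent ); ?>">
 <?php foreach ( $countries as $code => $country ): ?>
-<option value="<?php echo $code; ?>" <?php selected ( $selected_country, $code ); ?>><?php echo $country; ?></option>
+<option value="<?php echo esc_attr( $code ); ?>" <?php selected ( $selected_country, $code ); ?>><?php echo esc_html( $country ); ?></option>
 <?php endforeach; ?>
 </optgroup>
 <?php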
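Review bot: The new `esc_attr()`/`esc_html()` calls run unconditionally, yet the signature on the hunk's first line still takes an `$escape = false` flag whose handling is outside this hunk; if that flag previously controlled escaping of the returned markup, callers passing `true` may now see country names double-encoded (`&amp;amp;`), so either retire the flag or state its new meaning in a docblock such as `@param bool $escape Unused for output escaping; option labels and values are always escaped.` `$continent`, `$code` and `$country` all come from `$this->continents`, and where that array is populated is not visible here, so escaping at output is correct regardless of source. The method body continues past the end of the hunk.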


@@ -66,9 +66,9 @@ class SP_Shortcodes {
$before = empty( $wrapper['before'] ) ? '<div class="' . esc_attr( $wrapper['class'] ) . '">' : $wrapper['before']; $before = empty( $wrapper['before'] ) ? '<div class="' . esc_attr( $wrapper['class'] ) . '">' : $wrapper['before'];
$after = empty( $wrapper['after'] ) ? '</div>' : $wrapper['after']; $after = empty( $wrapper['after'] ) ? '</div>' : $wrapper['after'];
echo $before; echo esc_html( $before );
call_user_func( $function, $atts ); call_user_func( $function, $atts );
echo $after; echo esc_html( $after );
return ob_get_clean(); return ob_get_clean();
} }
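Review bot: `echo esc_html( $before )` and `echo esc_html( $after )` break the shortcode wrapper: two lines earlier `$before` defaults to `'<div class="' . esc_attr( $wrapper['class'] ) . '">'` and `$after` to `'</div>'`, so `esc_html()` renders the tags as visible `&lt;div ...&gt;` text, double-encodes the already-escaped class, and leaves the shortcode output unwrapped. The default branch is a literal tag with an `esc_attr()`'d class and needs no further escaping; the `$wrapper['before']`/`['after']` overrides are markup from wherever `$wrapper` is populated (outside this hunk), so `echo wp_kses_post( $before );` and `echo wp_kses_post( $after );` keep them as HTML while dropping disallowed tags. The hunk header counts nine lines but only seven are shown on this page, and the enclosing method begins before the hunk.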


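--- a/<path not shown on page: class SP_Template_Loader>
+++ b/<path not shown on page: class SP_Template_Loader>
@@ -80,7 +80,7 @@ class SP_Template_Loader {
 // Render the template
 echo '<div class="sp-section-content sp-section-content-' . $key . '">';
 if ( 'content' === $key ) {
-echo $content;
+echo wp_kses_post( $content );
 // Template content hook
 do_action( 'sportspress_single_' . $type . '_content' );
 } else {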
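Review bot: `$key` is still concatenated raw into the class attribute on the line before the changed one; `echo '<div class="sp-section-content sp-section-content-' . $key . '">';` should become `echo '<div class="sp-section-content sp-section-content-' . esc_attr( $key ) . '">';` to match the escaping this commit adds elsewhere. `wp_kses_post( $content )` also strips anything outside the post-content allowlist (embeds such as `<iframe>` included), so if `$content` arrives already filtered through `the_content`, previously working embedded media may now disappear; where `$content` is produced is outside the hunk and worth confirming. The enclosing function starts before the hunk and continues after it.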