asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escaping vars from class-sp-ajax, class-sp-settings-status, class-sp-template-loader, class-sp-admin-dashboard and class-sp-widget-birthdays

Browse Source
This commit is contained in:
Savvas Hadjigeorgiou
2021-11-09 08:24:23 +02:00
parent 716456c1de
commit e58beb1201
5 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
includes/admin/class-sp-admin-dashboard.php
View File

@@ -54,7 +54,7 @@ class SP_Admin_Dashboard {
else:
$output = '<span>' . $text . '</span>';
endif;
echo '<li class="post-count ' . $post_type->name . '-count">' . $output . '</li>';
echo '<li class="post-count ' . eac_attr( $post_type->name ) . '-count">' . esc_html( $output ) . '</li>';
endif;
endforeach;
return $items;

6
includes/admin/settings/class-sp-settings-status.php
View File

@@ -245,7 +245,7 @@ class SP_Settings_Status extends SP_Settings_Page {
if ( sizeof( $sp_plugins ) == 0 )
echo '-';
else
echo implode( ', <br/>', $sp_plugins );
echo implode( ', <br/>', array_map( 'wp_kses_post', $sp_plugins ) );
?></td>
</tr>
@@ -510,8 +510,8 @@ class SP_Settings_Status extends SP_Settings_Page {
if ( $found_files ) {
foreach ( $found_files as $plugin_name => $found_plugin_files ) {
?>
<td><?php _e( 'Template Overrides', 'sportspress' ); ?> (<?php echo $plugin_name; ?>):</td>
<td><?php echo implode( ', <br/>', $found_plugin_files ); ?></td>
<td><?php _e( 'Template Overrides', 'sportspress' ); ?> (<?php echo wp_kses_post( $plugin_name ); ?>):</td>
<td><?php echo implode( ', <br/>', array_map( 'wp_kses_post', $found_plugin_files ) ); ?></td>
<?php
}
} else {