asc/sportspress
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Escaping vars from class-sp-ajax, class-sp-settings-status, class-sp-template-loader, class-sp-admin-dashboard and class-sp-widget-birthdays

Browse Source
This commit is contained in:
Savvas Hadjigeorgiou
2021-11-09 08:24:23 +02:00
parent 716456c1de
commit e58beb1201
5 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
includes/class-sp-template-loader.php
View File

@@ -78,7 +78,7 @@ class SP_Template_Loader {
if ( 'yes' !== get_option( $template['option'], sp_array_value( $template, 'default', 'yes' ) ) ) continue;
// Render the template
echo '<div class="sp-section-content sp-section-content-' . $key . '">';
echo '<div class="sp-section-content sp-section-content-' . esc_attr( $key ) . '">';
if ( 'content' === $key ) {
echo wp_kses_post( $content );
// Template content hook