Escaping vars from class-sp-ajax, class-sp-settings-status, class-sp-template-loader, class-sp-admin-dashboard and class-sp-widget-birthdays

Savvas Hadjigeorgiou
2021-11-09 08:24:23 +02:00
parent 716456c1de
commit e58beb1201
5 changed files with 9 additions and 9 deletions


@@ -54,7 +54,7 @@ class SP_Admin_Dashboard {
else: else:
$output = '<span>' . $text . '</span>'; $output = '<span>' . $text . '</span>';
endif; endif;
echo '<li class="post-count ' . $post_type->name . '-count">' . $output . '</li>'; echo '<li class="post-count ' . eac_attr( $post_type->name ) . '-count">' . esc_html( $output ) . '</li>';
endif; endif;
endforeach; endforeach;
return $items; return $items;
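Review bot: The new `echo` in SP_Admin_Dashboard calls `eac_attr( $post_type->name )`, which looks like a typo for `esc_attr` — no such function exists in WordPress core, so this branch now raises an undefined-function error rather than escaping anything. On the same line `esc_html( $output )` encodes the `<span>` that the visible `else:` branch just wrapped around `$text`, so the tags are printed literally instead of rendered; escape the inner value where `$output` is assembled (`$output = '<span>' . esc_html( $text ) . '</span>';`) and either output `$output` as-is once every branch escapes its input, or pass it through `wp_kses_post( $output )`. The `if` branch that builds the other form of `$output` and the rest of the enclosing method are outside the hunk, so that branch needs the same treatment.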


@@ -245,7 +245,7 @@ class SP_Settings_Status extends SP_Settings_Page {
if ( sizeof( $sp_plugins ) == 0 ) if ( sizeof( $sp_plugins ) == 0 )
echo '-'; echo '-';
else else
echo implode( ', <br/>', $sp_plugins ); echo implode( ', <br/>', array_map( 'wp_kses_post', $sp_plugins ) );
?></td> ?></td>
</tr> </tr>
@@ -510,8 +510,8 @@ class SP_Settings_Status extends SP_Settings_Page {
if ( $found_files ) { if ( $found_files ) {
foreach ( $found_files as $plugin_name => $found_plugin_files ) { foreach ( $found_files as $plugin_name => $found_plugin_files ) {
?> ?>
<td><?php _e( 'Template Overrides', 'sportspress' ); ?> (<?php echo $plugin_name; ?>):</td> <td><?php _e( 'Template Overrides', 'sportspress' ); ?> (<?php echo wp_kses_post( $plugin_name ); ?>):</td>
<td><?php echo implode( ', <br/>', $found_plugin_files ); ?></td> <td><?php echo implode( ', <br/>', array_map( 'wp_kses_post', $found_plugin_files ) ); ?></td>
<?php <?php
} }
} else { } else {
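Review bot: In the second hunk of SP_Settings_Status, `$plugin_name` and each entry of `$found_plugin_files` appear to be plain text (a plugin title and template paths) yet are passed through `wp_kses_post()`, which still permits a broad set of HTML tags and attributes; `esc_html()` is the tighter escaper for a text cell, e.g. `echo esc_html( $plugin_name );` and `array_map( 'esc_html', $found_plugin_files )` — the `', <br/>'` separator sits outside the mapped values, so the layout is unchanged. The same likely holds for `$sp_plugins` in the first hunk, though I cannot tell from here whether those entries intentionally carry markup. On the same changed line, `_e( 'Template Overrides', 'sportspress' )` prints the translated label unescaped; `esc_html_e()` keeps it consistent with the rest of the commit. Both hunks sit inside a method whose start and end are outside the hunk.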


@@ -634,7 +634,7 @@ class SP_AJAX {
$field_id = 'columns'; $field_id = 'columns';
?> ?>
<?php foreach ( $the_columns as $key => $label ): ?> <?php foreach ( $the_columns as $key => $label ): ?>
<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . $key; ?>" value="<?php echo $key; ?>" checked="checked"><?php echo esc_html( $label ); ?></label> <label class="button"><input name="<?php echo esc_attr( $field_name ); ?>" type="checkbox" id="<?php echo esc_attr( $field_id ) . '-' . esc_attr( $key ); ?>" value="<?php echo esc_attr( $key ); ?>" checked="checked"><?php echo esc_html( $label ); ?></label>
<?php endforeach; ?> <?php endforeach; ?>
</p> </p>
<p> <p>
@@ -898,7 +898,7 @@ class SP_AJAX {
$field_id = 'columns'; $field_id = 'columns';
?> ?>
<?php foreach ( $the_columns as $column ): ?> <?php foreach ( $the_columns as $column ): ?>
<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label> <label class="button"><input name="<?php echo esc_attr( $field_name ); ?>" type="checkbox" id="<?php echo esc_attr( $field_id ) . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label>
<?php endforeach; ?> <?php endforeach; ?>
</p> </p>
<p> <p>
@@ -1152,7 +1152,7 @@ class SP_AJAX {
<label class="button"><input name="columns[]" type="checkbox" id="columns-team" value="team" checked="checked"><?php _e( 'Team', 'sportspress' ); ?></label> <label class="button"><input name="columns[]" type="checkbox" id="columns-team" value="team" checked="checked"><?php _e( 'Team', 'sportspress' ); ?></label>
<label class="button"><input name="columns[]" type="checkbox" id="columns-position" value="position" checked="checked"><?php _e( 'Position', 'sportspress' ); ?></label> <label class="button"><input name="columns[]" type="checkbox" id="columns-position" value="position" checked="checked"><?php _e( 'Position', 'sportspress' ); ?></label>
<?php foreach ( $the_columns as $column ): ?> <?php foreach ( $the_columns as $column ): ?>
<label class="button"><input name="<?php echo $field_name; ?>" type="checkbox" id="<?php echo $field_id . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label> <label class="button"><input name="<?php echo esc_attr( $field_name ); ?>" type="checkbox" id="<?php echo esc_attr( $field_id ) . '-' . esc_attr( $column->post_name ); ?>" value="<?php echo esc_attr( $column->post_name ); ?>" checked="checked"><?php echo esc_html( $column->post_title ); ?></label>
<?php endforeach; ?> <?php endforeach; ?>
</p> </p>
<p> <p>
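Review bot: In the third SP_AJAX hunk, the `_e( 'Team', 'sportspress' )` and `_e( 'Position', 'sportspress' )` labels two lines above the changed line still echo translated strings unescaped, while the sibling label on the changed line uses `esc_html( $column->post_title )`; since translation files can carry markup, `esc_html_e( 'Team', 'sportspress' )` and `esc_html_e( 'Position', 'sportspress' )` bring them in line. The first two hunks assign the literal `'columns'` to `$field_id` just before the loop, so `esc_attr( $field_id )` there is purely defensive — fine to keep, but the same checkbox markup is now repeated verbatim across all three hunks and would be easier to keep escaped consistently from one small rendering helper. Each hunk lies inside a method whose start and end are outside the hunk.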


@@ -78,7 +78,7 @@ class SP_Template_Loader {
if ( 'yes' !== get_option( $template['option'], sp_array_value( $template, 'default', 'yes' ) ) ) continue; if ( 'yes' !== get_option( $template['option'], sp_array_value( $template, 'default', 'yes' ) ) ) continue;
// Render the template // Render the template
echo '<div class="sp-section-content sp-section-content-' . $key . '">'; echo '<div class="sp-section-content sp-section-content-' . esc_attr( $key ) . '">';
if ( 'content' === $key ) { if ( 'content' === $key ) {
echo wp_kses_post( $content ); echo wp_kses_post( $content );
// Template content hook // Template content hook


@@ -77,7 +77,7 @@ class SP_Widget_Birthdays extends WP_Widget {
<label for="<?php echo $this->get_field_id('birthday_format'); ?>"><?php _e( 'Format:', 'sportspress' ); ?></label> <label for="<?php echo $this->get_field_id('birthday_format'); ?>"><?php _e( 'Format:', 'sportspress' ); ?></label>
<select name="<?php echo $this->get_field_name('birthday_format'); ?>" id="<?php echo $this->get_field_id('birthday_format'); ?>" class="postform widefat"> <select name="<?php echo $this->get_field_name('birthday_format'); ?>" id="<?php echo $this->get_field_id('birthday_format'); ?>" class="postform widefat">
<?php foreach ( $birthday_options as $value => $label ) { ?> <?php foreach ( $birthday_options as $value => $label ) { ?>
<option value="<?php echo $value; ?>" <?php selected( $value, $birthday_format ); ?>><?php echo $label; ?></option> <option value="<?php echo $value; ?>" <?php selected( $value, $birthday_format ); ?>><?php echo esc_html( $label ); ?></option>
<?php } ?> <?php } ?>
</select> </select>
</p> </p>
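Review bot: On the changed `<option>` line in SP_Widget_Birthdays, `value="<?php echo $value; ?>"` is still echoed raw while the adjacent `$label` now gets `esc_html()`; the attribute context wants `value="<?php echo esc_attr( $value ); ?>"`. The `get_field_id()` / `get_field_name()` echoes on the two lines above it, in the same hunk, are likewise unescaped — WP_Widget generates those ids itself, but wrapping them in `esc_attr()` is the convention and keeps the escaping uniform across the form. The enclosing `form()` method starts and ends outside the hunk.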