Escape outputs

2021-11-13 20:42:08 +09:00
parent 051d3e3055
commit 23ba2446b1
190 changed files with 2837 additions and 2837 deletions
--- a/templates/team-staff.php
+++ b/templates/team-staff.php
@@ -31,7 +31,7 @@ foreach ( $members as $staff ) :
 		$name  = '<span class="sp-staff-role">' . implode( '<span class="sp-staff-role-delimiter">/</span>', $roles ) . '</span> ' . $name;
 	endif;
 	?>
-	<h4 class="sp-staff-name"><?php echo $link_staff ? '<a href="' . get_permalink( $id ) . '">' . $name . '</a>' : $name; ?></h4>
+	<h4 class="sp-staff-name"><?php echo $link_staff ? '<a href="' . esc_url( get_permalink( $id ) ) . '">' . wp_kses_post( $name ) . '</a>' : wp_kses_post( $name ); ?></h4>
 	<?php
 	sp_get_template( 'staff-photo.php', array( 'id' => $id ) );
 	sp_get_template( 'staff-details.php', array( 'id' => $id ) );