Escape Include files vars (#1)

savvasha
2021-11-06 12:38:37 +02:00
4 changed files with 8 additions and 8 deletions


@@ -231,7 +231,7 @@ if ( class_exists( 'WP_Importer' ) ) {
if ( file_exists( ABSPATH . $_POST['file_url'] ) ) {
$this->file_url = esc_attr( $_POST['file_url'] );
$this->file_url = sanitize_url( $_POST['file_url'] );
} else {
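Review bot: The new `sanitize_url()` call on the assignment does not confine the path, and the `file_exists()` guard on the line above still tests the raw `ABSPATH . $_POST['file_url']`, so the value that is checked and the value that is stored can differ, and neither is restricted to the install directory. Resolving once and checking the prefix keeps both in step: `$requested = realpath( ABSPATH . wp_unslash( $_POST['file_url'] ) );` followed by `if ( $requested && 0 === strpos( $requested, realpath( ABSPATH ) ) ) {`, with `$this->file_url` set from the same resolved value (the later consumer of `file_url` is outside the hunk, so confirm whether it expects a path relative to ABSPATH before changing what is stored). Separately, before WordPress 5.9 `sanitize_url()` was a deprecated alias of `esc_url_raw()`, so on the core versions current at this commit's date it emits a deprecation notice that `esc_url_raw()` avoids. The enclosing method begins and ends outside the hunk.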


@@ -262,7 +262,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
if ( $typenow != 'sp_event' )
return;
$selected = isset( $_REQUEST['team'] ) ? esc_attr( $_REQUEST['team'] ) : null;
$selected = isset( $_REQUEST['team'] ) ? sanitize_key( $_REQUEST['team'] ) : null;
$args = array(
'post_type' => 'sp_team',
'name' => 'team',
@@ -272,7 +272,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
);
wp_dropdown_pages( $args );
$selected = isset( $_REQUEST['sp_league'] ) ? esc_attr( $_REQUEST['sp_league'] ) : null;
$selected = isset( $_REQUEST['sp_league'] ) ? sanitize_key( $_REQUEST['sp_league'] ) : null;
$args = array(
'show_option_all' => __( 'Show all leagues', 'sportspress' ),
'taxonomy' => 'sp_league',
@@ -281,7 +281,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
);
sp_dropdown_taxonomies( $args );
$selected = isset( $_REQUEST['sp_season'] ) ? esc_attr( $_REQUEST['sp_season'] ) : null;
$selected = isset( $_REQUEST['sp_season'] ) ? sanitize_key( $_REQUEST['sp_season'] ) : null;
$args = array(
'show_option_all' => __( 'Show all seasons', 'sportspress' ),
'taxonomy' => 'sp_season',
@@ -290,7 +290,7 @@ class SP_Admin_CPT_Event extends SP_Admin_CPT {
);
sp_dropdown_taxonomies( $args );
$selected = isset( $_REQUEST['match_day'] ) ? esc_attr( $_REQUEST['match_day'] ) : null;
$selected = isset( $_REQUEST['match_day'] ) ? sanitize_text_field( $_REQUEST['match_day'] ) : null;
echo '<input name="match_day" type="text" class="sp-tablenav-input" placeholder="' . __( 'Match Day', 'sportspress' ) . '" value="' . $selected . '">';
if ( current_user_can( 'edit_others_sp_events' ) )
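Review bot: In the `match_day` hunk the new `sanitize_text_field()` replaces the `esc_attr()` that previously protected the `value="..."` attribute on the following `echo` line, and `sanitize_text_field()` does not encode quotes, so a double quote in the request now terminates the attribute. Sanitising the input and escaping the output are separate steps; keep the new call and escape at the echo as well: `echo '<input name="match_day" type="text" class="sp-tablenav-input" placeholder="' . esc_attr__( 'Match Day', 'sportspress' ) . '" value="' . esc_attr( $selected ) . '">';`. The `team`, `sp_league` and `sp_season` hunks pass `$selected` into `$args` whose consumers are outside the hunk, so I have not verified that those builders escape it on output. Note too that `sanitize_key()` lowercases and strips everything outside `[a-z0-9_-]`, a narrower filter than `esc_attr()` applied, which is fine if those request values are IDs or slugs but worth confirming against the dropdown helpers.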


@@ -222,8 +222,8 @@ class SP_Settings_Modules extends SP_Settings_Page {
<tr class="sp-module-unavailable"><td>
<input type="checkbox" disabled="disabled">
<span class="sp-desc-tip" title="<?php echo sp_array_value( $module, 'tip', __( 'Upgrade to Pro', 'sportspress' ) ); ?>">
<i class="<?php echo sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ); ?>"></i>
<?php echo sp_array_value( $module, 'label', $id ); ?>
<i class="<?php echo esc_attr( sp_array_value( $module, 'icon', 'dashicons dashicons-admin-generic' ) ); ?>"></i>
<?php echo esc_html( sp_array_value( $module, 'label', $id ) ); ?>
</span>
<?php if ( isset( $module['desc'] ) ) { ?>
<span class="sp-desc">
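Review bot: The `title` attribute on the `<span class="sp-desc-tip">` line still echoes `sp_array_value( $module, 'tip', ... )` unescaped, while the icon class and the label two lines below now pass through `esc_attr()` and `esc_html()`; the tip sits in the same attribute context as the class and should be treated the same way. The one-line change is `title="<?php echo esc_attr( sp_array_value( $module, 'tip', __( 'Upgrade to Pro', 'sportspress' ) ) ); ?>"`. Whether `$module` comes from a hard-coded registration array or from stored settings is not visible in the hunk, but escaping at the point of output is correct in either case.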


@@ -86,7 +86,7 @@ if ( ! function_exists( 'sportspress_taxonomy_archive_description' ) ) {
if ( is_tax( array( 'sp_season', 'sp_league', 'sp_venue', 'sp_position' ) ) && get_query_var( 'paged' ) == 0 ) {
$description = apply_filters( 'the_content', term_description() );
if ( $description ) {
echo '<div class="term-description">' . $description . '</div>';
echo '<div class="term-description">' . esc_html( $description ) . '</div>';
}
}
}
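Review bot: `esc_html( $description )` on the new echo line will render the markup produced by `apply_filters( 'the_content', ... )` on the line above as literal text, because the default `the_content` filters (`wpautop` among them) return HTML, so visitors will see `<p>` tags in the term description. For output that is intended to carry HTML, `wp_kses_post()` keeps the allowed post markup while stripping script and event-handler attributes: `echo '<div class="term-description">' . wp_kses_post( $description ) . '</div>';`. While here, the `get_query_var( 'paged' ) == 0` loose comparison on the opening `if` is easy to misread; since `get_query_var()` may return `''` or an int depending on the query, `(int) get_query_var( 'paged' ) === 0` expresses the intent strictly.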