Replace settings outputs with suitable escape functions
@@ -356,7 +356,7 @@ class SP_Settings_General extends SP_Settings_Page {
|
||||
<fieldset>
|
||||
<?php foreach ( $color_schemes as $name => $colors ) { ?>
|
||||
<div class="color-option sp-color-option">
|
||||
<label data-sp-colors="<?php echo implode( ',', $colors ); ?>"><?php echo esc_attr( $name ); ?></label>
|
||||
<label data-sp-colors="<?php echo implode( ',', $colors ); ?>"><?php echo esc_html( $name ); ?></label>
|
||||
<table class="color-palette">
|
||||
<tbody>
|
||||
<tr>
|
||||
|
||||
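Review bot: The `data-sp-colors` attribute on the `<label>` line still prints `implode( ',', $colors )` unescaped; only the label text next to it was changed. Where `$colors` is built is not visible in this hunk, so it should be treated as untrusted at the point of output and escaped for attribute context: `data-sp-colors="<?php echo esc_attr( implode( ',', $colors ) ); ?>"`. The enclosing method starts and ends outside the hunk.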
@@ -62,7 +62,7 @@ class SP_Settings_Licenses extends SP_Settings_Page {
|
||||
$status = get_site_option( 'sportspress_' . $id . '_license_status', false );
|
||||
?>
|
||||
<div class="sp-settings-section sp-settings-section-license_options">
|
||||
<h3><?php echo esc_attr( $license['name'] ); ?></h3>
|
||||
<h3><?php echo esc_html( $license['name'] ); ?></h3>
|
||||
<table class="form-table sp-licenses-table">
|
||||
<tbody>
|
||||
<tr>
|
||||
|
||||
@@ -193,7 +193,7 @@ class SP_Settings_Modules extends SP_Settings_Page {
|
||||
<tbody>
|
||||
<tr><td>
|
||||
<?php foreach ( $categories as $slug => $category ) { ?>
|
||||
<p><strong><i class="<?php echo esc_attr( $category['icon'] ); ?>"></i> <?php echo esc_attr( $category['label'] ); ?></strong></p>
|
||||
<p><strong><i class="<?php echo esc_attr( $category['icon'] ); ?>"></i> <?php echo esc_html( $category['label'] ); ?></strong></p>
|
||||
<ul class="sp-<?php echo esc_attr( $slug ); ?>-links">
|
||||
<?php foreach ( $category['links'] as $url => $text ) { ?>
|
||||
<li><a href="<?php echo esc_url( $url ); ?>" target="_blank"><?php echo wp_kses_post( $text ); ?></a></li>
|
||||
|
||||
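Review bot: The link on the `<li>` line opens with `target="_blank"` but has no `rel` attribute, and `$url` comes from `$category['links']`, whose origin is not shown here. Adding `rel="noopener noreferrer"` stops the opened page from getting a handle on the settings window in browsers that do not already imply it: `<a href="<?php echo esc_url( $url ); ?>" target="_blank" rel="noopener noreferrer">`. The loop body continues past the end of the hunk.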
@@ -390,7 +390,7 @@ class SP_Settings_Status extends SP_Settings_Page {
|
||||
<td>
|
||||
<?php
|
||||
$object = get_post_type_object( $post_type );
|
||||
echo esc_attr( $object->labels->name );
|
||||
echo esc_html( $object->labels->name );
|
||||
?>:
|
||||
</td>
|
||||
<td>
|
||||
@@ -442,13 +442,13 @@ class SP_Settings_Status extends SP_Settings_Page {
|
||||
<tr>
|
||||
<td><?php _e( 'Theme Name', 'sportspress' ); ?>:</td>
|
||||
<td><?php
|
||||
echo esc_attr( $active_theme->Name );
|
||||
echo esc_html( $active_theme->Name );
|
||||
?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><?php _e( 'Theme Version', 'sportspress' ); ?>:</td>
|
||||
<td><?php
|
||||
echo esc_attr( $active_theme->Version );
|
||||
echo esc_html( $active_theme->Version );
|
||||
|
||||
if ( ! empty( $theme_version_data['version'] ) && version_compare( $theme_version_data['version'], $active_theme->Version, '!=' ) )
|
||||
echo ' – <strong style="color:red;">' . $theme_version_data['version'] . ' ' . __( 'is available', 'sportspress' ) . '</strong>';
|
||||
|
||||
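Review bot: The "is available" line at the end of the second hunk concatenates `$theme_version_data['version']` into HTML without escaping, directly below the `Version` output this commit corrects. How `$theme_version_data` is populated is outside the hunk; if it comes from a remote version check, it is exactly the kind of value that needs escaping on output. Suggested: `echo ' – <strong style="color:red;">' . esc_html( $theme_version_data['version'] ) . ' ' . esc_html__( 'is available', 'sportspress' ) . '</strong>';`. The `Theme Name` and `Theme Version` label cells could likewise use `esc_html_e()` in place of `_e()`.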
@@ -37,8 +37,8 @@ $columns = get_option( 'sportspress_player_columns', 'auto' );
|
||||
</thead>
|
||||
<?php if ( $data ): $i = 0; foreach ( $data as $row ): ?>
|
||||
<tr<?php if ( $i % 2 == 0 ) echo ' class="alternate"'; ?>>
|
||||
<td class="row-title"><?php echo esc_attr( $row->post_title ); ?></td>
|
||||
<td><code><?php echo esc_attr( $row->post_name ); ?></code></td>
|
||||
<td class="row-title"><?php echo esc_html( $row->post_title ); ?></td>
|
||||
<td><code><?php echo esc_html( $row->post_name ); ?></code></td>
|
||||
<td><?php echo esc_html( sp_get_post_abbreviation( $row->ID ) ); ?></td>
|
||||
<td><?php echo esc_html( sp_get_post_condition( $row->ID ) ); ?></td>
|
||||
<td><p class="description"><?php echo wp_kses_post( $row->post_excerpt ); ?></p></td>
|
||||
@@ -114,7 +114,7 @@ $columns = get_option( 'sportspress_player_columns', 'auto' );
|
||||
<tr<?php if ( $i % 2 == 0 ) echo ' class="alternate"'; ?>>
|
||||
<td class="radio"><input type="radio" class="sp-primary-result-option" id="sportspress_primary_result_<?php echo esc_attr( $row->post_name ); ?>" name="sportspress_primary_result" value="<?php echo esc_attr( $row->post_name ); ?>" <?php checked( $selection, $row->post_name ); ?>></td>
|
||||
<td class="row-title"><label for="sportspress_primary_result_<?php echo esc_attr( $row->post_name ); ?>"><?php echo esc_html( $row->post_title ); ?></label></td>
|
||||
<td><code><?php echo esc_attr( $row->post_name ); ?>for</code>, <code><?php echo esc_attr( $row->post_name ); ?>against</code></td>
|
||||
<td><code><?php echo esc_html( $row->post_name ); ?>for</code>, <code><?php echo esc_html( $row->post_name ); ?>against</code></td>
|
||||
<td><?php echo esc_html( sp_get_post_equation( $row->ID ) ); ?></td>
|
||||
<td><?php echo esc_html( sp_get_post_precision( $row->ID ) ); ?></td>
|
||||
<td><p class="description"><?php echo wp_kses_post( $row->post_excerpt ); ?></p></td>
|
||||
@@ -215,7 +215,7 @@ $columns = get_option( 'sportspress_player_columns', 'auto' );
|
||||
?>
|
||||
</td>
|
||||
<td class="row-title"><?php echo esc_html( $row->post_title ); ?></td>
|
||||
<td><code><?php echo esc_attr( $row->post_name ); ?></code></td>
|
||||
<td><code><?php echo esc_html( $row->post_name ); ?></code></td>
|
||||
<td><?php echo esc_html( sp_get_post_section( $row->ID ) ); ?></td>
|
||||
<td><?php echo esc_html( sp_get_post_format( $row->ID ) ); ?></td>
|
||||
<?php if ( 'auto' === $columns ) { ?>
|
||||
@@ -326,7 +326,7 @@ $columns = get_option( 'sportspress_player_columns', 'auto' );
|
||||
<?php if ( $data ): $i = 0; foreach ( $data as $row ): ?>
|
||||
<tr<?php if ( $i % 2 == 0 ) echo ' class="alternate"'; ?>>
|
||||
<td class="row-title"><?php echo esc_html( $row->post_title ); ?></td>
|
||||
<td><code><?php echo esc_attr( $row->post_name ); ?></code></td>
|
||||
<td><code><?php echo esc_html( $row->post_name ); ?></code></td>
|
||||
<td><p class="description"><?php echo wp_kses_post( $row->post_excerpt ); ?></p></td>
|
||||
<td class="edit"><a class="button" href="<?php echo get_edit_post_link( $row->ID ); ?>"><?php _e( 'Edit', 'sportspress' ); ?></s></td>
|
||||
</tr>
|
||||
|
||||
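Review bot: In the last hunk of this file the Edit cell prints `get_edit_post_link( $row->ID )` into `href` without `esc_url()`, and the anchor is closed with `</s>` instead of `</a>`, which leaves the link element unclosed. The edit link passes through a filter before it is returned, so escaping at output is the safe default. Proposed line: `<td class="edit"><a class="button" href="<?php echo esc_url( get_edit_post_link( $row->ID ) ); ?>"><?php esc_html_e( 'Edit', 'sportspress' ); ?></a></td>`. The surrounding `foreach` opens in the hunk and closes outside it.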
@@ -349,7 +349,7 @@
|
||||
<td>
|
||||
<?php
|
||||
$object = get_post_type_object( $post_type );
|
||||
echo esc_attr( $object->labels->name );
|
||||
echo esc_html( $object->labels->name );
|
||||
?>:
|
||||
</td>
|
||||
<td>
|
||||
@@ -401,7 +401,7 @@
|
||||
<tr>
|
||||
<td><?php _e( 'Theme Name', 'sportspress' ); ?>:</td>
|
||||
<td><?php
|
||||
echo esc_attr( $active_theme->Name );
|
||||
echo esc_html( $active_theme->Name );
|
||||
?></td>
|
||||
</tr>
|
||||
<tr>
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
<h2><?php echo apply_filters( 'sportspress_logo', '<img src="' . plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/modules/sportspress' . ( class_exists( 'SportsPress_Pro' ) ? '-pro' : '' ) . '.png" alt="' . __( 'SportsPress', 'sportspress' ) . '" class="sp-settings-logo">' ); ?></h2>
|
||||
<form method="post" id="mainform" action="" enctype="multipart/form-data">
|
||||
<h2 class="nav-tab-wrapper sp-nav-tab-wrapper">
|
||||
<?php foreach ( $tabs as $name => $label ): ?><a href="<?php echo admin_url( 'admin.php?page=sportspress&tab=' . $name ); ?>" class="nav-tab <?php echo ( $current_tab == $name ? 'nav-tab-active' : '' ); ?>"><?php echo esc_attr( $label ); ?></a><?php endforeach; ?>
|
||||
<?php foreach ( $tabs as $name => $label ): ?><a href="<?php echo admin_url( 'admin.php?page=sportspress&tab=' . $name ); ?>" class="nav-tab <?php echo ( $current_tab == $name ? 'nav-tab-active' : '' ); ?>"><?php echo esc_html( $label ); ?></a><?php endforeach; ?>
|
||||
<?php do_action( 'sportspress_settings_tabs' ); ?>
|
||||
</h2>
|
||||
<?php
|
||||
|
||||
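Review bot: On the tab link line the `href` built by `admin_url( 'admin.php?page=sportspress&tab=' . $name )` is echoed without escaping; only the label was changed. `$tabs` is assembled outside this hunk, so its keys should be escaped where they are printed: `href="<?php echo esc_url( admin_url( 'admin.php?page=sportspress&tab=' . $name ) ); ?>"`. The logo `<h2>` line above echoes the result of `apply_filters( 'sportspress_logo', … )` as-is. Passing it through `wp_kses_post()` would limit what a filter callback can inject, provided the expected `<img>` markup survives that allowlist.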
@@ -554,7 +554,7 @@ class SP_AJAX {
|
||||
<option value="default">Default</option>
|
||||
<option value="all">All</option>
|
||||
<?php foreach ( SP()->formats->event as $key => $format ): ?>
|
||||
<option value="<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></option>
|
||||
<option value="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $format ); ?></option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
</label>
|
||||
@@ -761,7 +761,7 @@ class SP_AJAX {
|
||||
<option value="default">Default</option>
|
||||
<option value="all">All</option>
|
||||
<?php foreach ( SP()->formats->event as $key => $format ): ?>
|
||||
<option value="<?php echo esc_attr( $key ); ?>"><?php echo esc_attr( $format ); ?></option>
|
||||
<option value="<?php echo esc_attr( $key ); ?>"><?php echo esc_html( $format ); ?></option>
|
||||
<?php endforeach; ?>
|
||||
</select>
|
||||
</label>
|
||||
|
||||
@@ -730,7 +730,7 @@ class SP_Countries {
|
||||
* @return string
|
||||
*/
|
||||
public function get_base_country() {
|
||||
$default = esc_attr( get_option('sportspress_default_country') );
|
||||
$default = get_option('sportspress_default_country');
|
||||
$country = ( ( $pos = strrpos( $default, ':' ) ) === false ) ? $default : substr( $default, 0, $pos );
|
||||
|
||||
return apply_filters( 'sportspress_countries_base_country', $country );
|
||||
|
||||
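Review bot: With `esc_attr()` removed, `get_base_country()` returns the raw option value, so every caller that prints it has to escape at output; those call sites are not in this hunk and should be checked. `get_option()` also returns `false` when the option is unset, which `esc_attr()` previously turned into a string. Passing a default keeps the documented `@return string`: `$default = (string) get_option( 'sportspress_default_country', '' );`. The method's closing brace is outside the hunk.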
@@ -86,7 +86,7 @@ if ( ! function_exists( 'sportspress_taxonomy_archive_description' ) ) {
|
||||
if ( is_tax( array( 'sp_season', 'sp_league', 'sp_venue', 'sp_position' ) ) && get_query_var( 'paged' ) == 0 ) {
|
||||
$description = apply_filters( 'the_content', term_description() );
|
||||
if ( $description ) {
|
||||
echo '<div class="term-description">' . esc_html( $description ) . '</div>';
|
||||
echo '<div class="term-description">' . wp_kses_post( $description ) . '</div>';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
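Review bot: `wp_kses_post()` runs here on the output of the `the_content` filters, so markup those filters generate that falls outside the post allowlist (embed iframes, for example) will be stripped from the term description. If that is the intended trade-off, a short comment above the `echo` would keep the next reader from switching it back to `esc_html()`: `// Term descriptions may contain formatting; allow post-level HTML only.` The function's opening lines are outside the hunk.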