Escapes based on phpcs #10

Savvas Hadjigeorgiou
2021-11-12 08:32:21 +02:00
parent bec7a43b42
commit c2ec328798
3 changed files with 39 additions and 39 deletions


@@ -76,7 +76,7 @@ class SP_Admin_Taxonomies {
<?php if ( function_exists( 'get_term_meta' ) ) { ?>
<?php $order = get_term_meta( $t_id, 'sp_order', true ); ?>
<tr class="form-field">
<th scope="row" valign="top"><label for="sp_order"><?php _e( 'Order', 'sportspress' ); ?></label></th>
<th scope="row" valign="top"><label for="sp_order"><?php esc_html_e( 'Order', 'sportspress' ); ?></label></th>
<td><input name="sp_order" class="sp-number-input" type="text" step="1" size="4" id="sp_order" value="<?php echo (int) $order; ?>"></td>
</tr>
<?php } ?>
@@ -115,18 +115,18 @@ class SP_Admin_Taxonomies {
?>
<div class="form-field">
<div id="sp-location-picker" class="sp-location-picker" style="width: 95%; height: 320px"></div>
<p><?php _e( "Drag the marker to the venue's location.", 'sportspress' ); ?></p>
<p><?php esc_html_e( "Drag the marker to the venue's location.", 'sportspress' ); ?></p>
</div>
<div class="form-field">
<label for="term_meta[sp_address]"><?php _e( 'Address', 'sportspress' ); ?></label>
<label for="term_meta[sp_address]"><?php esc_html_e( 'Address', 'sportspress' ); ?></label>
<input type="text" class="sp-address" name="term_meta[sp_address]" id="term_meta[sp_address]" value="<?php echo esc_attr( $address ); ?>">
</div>
<div class="form-field">
<label for="term_meta[sp_latitude]"><?php _e( 'Latitude', 'sportspress' ); ?></label>
<label for="term_meta[sp_latitude]"><?php esc_html_e( 'Latitude', 'sportspress' ); ?></label>
<input type="text" class="sp-latitude" name="term_meta[sp_latitude]" id="term_meta[sp_latitude]" value="<?php echo esc_attr( $latitude ); ?>">
</div>
<div class="form-field">
<label for="term_meta[sp_longitude]"><?php _e( 'Longitude', 'sportspress' ); ?></label>
<label for="term_meta[sp_longitude]"><?php esc_html_e( 'Longitude', 'sportspress' ); ?></label>
<input type="text" class="sp-longitude" name="term_meta[sp_longitude]" id="term_meta[sp_longitude]" value="<?php echo esc_attr( $longitude ); ?>">
</div>
<?php
@@ -149,23 +149,23 @@ class SP_Admin_Taxonomies {
<tr class="form-field">
<td colspan="2">
<p><div id="sp-location-picker" class="sp-location-picker" style="width: 95%; height: 320px"></div></p>
<p class="description"><?php _e( "Drag the marker to the venue's location.", 'sportspress' ); ?></p>
<p class="description"><?php esc_html_e( "Drag the marker to the venue's location.", 'sportspress' ); ?></p>
</td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="term_meta[sp_address]"><?php _e( 'Address', 'sportspress' ); ?></label></th>
<th scope="row" valign="top"><label for="term_meta[sp_address]"><?php esc_html_e( 'Address', 'sportspress' ); ?></label></th>
<td>
<input type="text" class="sp-address" name="term_meta[sp_address]" id="term_meta[sp_address]" value="<?php echo esc_attr( $address ); ?>">
</td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="term_meta[sp_latitude]"><?php _e( 'Latitude', 'sportspress' ); ?></label></th>
<th scope="row" valign="top"><label for="term_meta[sp_latitude]"><?php esc_html_e( 'Latitude', 'sportspress' ); ?></label></th>
<td>
<input type="text" class="sp-latitude" name="term_meta[sp_latitude]" id="term_meta[sp_latitude]" value="<?php echo esc_attr( $latitude ); ?>">
</td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="term_meta[sp_longitude]"><?php _e( 'Longitude', 'sportspress' ); ?></label></th>
<th scope="row" valign="top"><label for="term_meta[sp_longitude]"><?php esc_html_e( 'Longitude', 'sportspress' ); ?></label></th>
<td>
<input type="text" class="sp-longitude" name="term_meta[sp_longitude]" id="term_meta[sp_longitude]" value="<?php echo esc_attr( $longitude ); ?>">
</td>
@@ -183,7 +183,7 @@ class SP_Admin_Taxonomies {
public function add_position_fields() {
?>
<div class="form-field">
<label><?php _e( 'Statistics', 'sportspress' ); ?></label>
<label><?php esc_html_e( 'Statistics', 'sportspress' ); ?></label>
<select name="term_meta[sp_sections][]" id="term_meta[sp_sections][]" class="widefat chosen-select
<?php
if ( is_rtl() ) :
@@ -201,7 +201,7 @@ class SP_Admin_Taxonomies {
)
);
foreach ( $options as $key => $value ) :
printf( '<option value="%s" %s>%s</option>', $key, selected( true ), $value );
printf( '<option value="%s" %s>%s</option>', esc_attr( $key ), selected( true ), esc_html( $value ) );
endforeach;
?>
</select>
@@ -220,7 +220,7 @@ class SP_Admin_Taxonomies {
$sections = sp_get_term_sections( $t_id );
?>
<tr class="form-field">
<th scope="row" valign="top"><label for="term_meta[sp_sections]"><?php _e( 'Statistics', 'sportspress' ); ?></label></th>
<th scope="row" valign="top"><label for="term_meta[sp_sections]"><?php esc_html_e( 'Statistics', 'sportspress' ); ?></label></th>
<input type="hidden" name="term_meta[sp_sections]" value="">
<td>
<select name="term_meta[sp_sections][]" id="term_meta[sp_sections][]" class="widefat chosen-select
@@ -240,7 +240,7 @@ class SP_Admin_Taxonomies {
)
);
foreach ( $options as $key => $value ) :
printf( '<option value="%s" %s>%s</option>', $key, selected( in_array( $key, $sections ), true, false ), $value );
printf( '<option value="%s" %s>%s</option>', esc_attr( $key ), selected( in_array( $key, $sections ), true, false ), esc_html( $value ) );
endforeach;
?>
</select>
@@ -249,7 +249,7 @@ class SP_Admin_Taxonomies {
<?php if ( function_exists( 'get_term_meta' ) ) { ?>
<?php $order = get_term_meta( $t_id, 'sp_order', true ); ?>
<tr class="form-field">
<th scope="row" valign="top"><label for="sp_order"><?php _e( 'Order', 'sportspress' ); ?></label></th>
<th scope="row" valign="top"><label for="sp_order"><?php esc_html_e( 'Order', 'sportspress' ); ?></label></th>
<td><input name="sp_order" class="sp-number-input" type="text" step="1" size="4" id="sp_order" value="<?php echo (int) $order; ?>"></td>
</tr>
<?php } ?>
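Review bot: The add-form option loop still calls `selected( true )` with its default `$echo = true`, so the attribute text is echoed on its own while the arguments are evaluated and then appears again inside the `<option>` that `printf` writes. The edit-form loop further down already passes `true, false`, and the add form should match it: `printf( '<option value="%s" %s>%s</option>', esc_attr( $key ), selected( true, true, false ), esc_html( $value ) );`. That edit-form line also calls `in_array( $key, $sections )` without the strict flag, which is worth tightening if the section keys are always strings. Both loops sit in methods whose bodies start and end outside the hunks.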


@@ -107,9 +107,9 @@ class SP_Admin_Welcome {
unset( $version[2] );
$display_version = implode( '.', $version );
?>
<h1 class="sp-welcome-logo"><?php echo apply_filters( 'sportspress_logo', '<img src="' . plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/welcome/sportspress' . ( class_exists( 'SportsPress_Pro' ) ? '-pro' : '' ) . '.png" alt="' . __( 'SportsPress', 'sportspress' ) . '">' ); ?></h1>
<h1 class="sp-welcome-logo"><?php echo wp_kses_post( apply_filters( 'sportspress_logo', '<img src="' . plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/welcome/sportspress' . ( class_exists( 'SportsPress_Pro' ) ? '-pro' : '' ) . '.png" alt="' . __( 'SportsPress', 'sportspress' ) . '">' ) ); ?></h1>
<div class="sp-badge"><?php printf( __( 'Version %s', 'sportspress' ), SP()->version ); ?></div>
<div class="sp-badge"><?php printf( esc_html__( 'Version %s', 'sportspress' ), esc_html( SP()->version ) ); ?></div>
<div class="about-text sp-about-text">
<?php
@@ -121,13 +121,13 @@ class SP_Admin_Welcome {
$message = __( 'Thanks for installing!', 'sportspress' );
}
printf( __( '%1$s SportsPress %2$s has lots of refinements we think you&#8217;ll love.', 'sportspress' ), $message, $display_version );
printf( esc_html__( '%1$s SportsPress %2$s has lots of refinements we think you&#8217;ll love.', 'sportspress' ), esc_html( $message ), esc_html( $display_version ) );
?>
</div>
<a href="
<?php
echo admin_url(
echo esc_url( admin_url(
add_query_arg(
array(
'page' => 'sportspress',
@@ -135,10 +135,10 @@ class SP_Admin_Welcome {
),
'admin.php'
)
);
) );
?>
" class="button button-primary"><?php _e( 'Settings', 'sportspress' ); ?></a>
<a href="<?php echo esc_url( apply_filters( 'sportspress_docs_url', 'http://tboy.co/docs', 'sportspress' ) ); ?>" class="docs button button-primary"><?php _e( 'Docs', 'sportspress' ); ?></a>
" class="button button-primary"><?php esc_html_e( 'Settings', 'sportspress' ); ?></a>
<a href="<?php echo esc_url( apply_filters( 'sportspress_docs_url', 'http://tboy.co/docs', 'sportspress' ) ); ?>" class="docs button button-primary"><?php esc_html_e( 'Docs', 'sportspress' ); ?></a>
<a href="https://twitter.com/share" class="twitter-share-button" data-url="http://wordpress.org/plugins/sportspress" data-text="An open-source (free) #WordPress plugin that helps you build professional league websites" data-via="ThemeBoy" data-size="large" data-hashtags="SportsPress">Tweet</a>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
</p>
@@ -150,14 +150,14 @@ class SP_Admin_Welcome {
echo 'nav-tab-active';}
?>
" href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'sp-about' ), 'index.php' ) ) ); ?>">
<?php _e( 'Welcome', 'sportspress' ); ?>
<?php esc_html_e( 'Welcome', 'sportspress' ); ?>
</a><a class="nav-tab
<?php
if ( $_GET['page'] == 'sp-credits' ) {
echo 'nav-tab-active';}
?>
" href="<?php echo esc_url( admin_url( add_query_arg( array( 'page' => 'sp-credits' ), 'index.php' ) ) ); ?>">
<?php _e( 'Credits', 'sportspress' ); ?>
<?php esc_html_e( 'Credits', 'sportspress' ); ?>
</a>
</h2>
<?php
@@ -188,7 +188,7 @@ class SP_Admin_Welcome {
update_option( 'sportspress_installed', 1 );
?>
<div id="message" class="updated sportspress-message">
<p><strong><?php _e( 'Your settings have been saved.', 'sportspress' ); ?></strong></p>
<p><strong><?php esc_html_e( 'Your settings have been saved.', 'sportspress' ); ?></strong></p>
</div>
<?php
endif;
@@ -207,19 +207,19 @@ class SP_Admin_Welcome {
<div class="feature-section three-col">
<div class="col">
<img src="<?php echo plugin_dir_url( SP_PLUGIN_FILE ); ?>assets/images/welcome/screenshot-conditional-equations.png" alt="Screenshot">
<img src="<?php echo esc_url( plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/welcome/screenshot-conditional-equations.png' );?>" alt="Screenshot">
<h3>Conditional Equations</h3>
<p>Use the newly introduced conditional operators <strong>&gt;</strong>, <strong>&lt;</strong>, <strong>&equiv;</strong>, <strong>&ne;</strong>, <strong>&ge;</strong>, and <strong>&le;</strong> to calculate the relationship between variables, then insert that calculation into more complex equations. Visit the <a href="<?php echo add_query_arg( array( 'page' => 'sportspress-config' ), admin_url( 'admin.php' ) ); ?>">Configure</a> page to edit variables and equations.</p>
<p>Use the newly introduced conditional operators <strong>&gt;</strong>, <strong>&lt;</strong>, <strong>&equiv;</strong>, <strong>&ne;</strong>, <strong>&ge;</strong>, and <strong>&le;</strong> to calculate the relationship between variables, then insert that calculation into more complex equations. Visit the <a href="<?php echo esc_url( add_query_arg( array( 'page' => 'sportspress-config' ), admin_url( 'admin.php' ) ) ); ?>">Configure</a> page to edit variables and equations.</p>
</div>
<div class="col">
<img src="<?php echo plugin_dir_url( SP_PLUGIN_FILE ); ?>assets/images/welcome/screenshot-event-specs.png" alt="Screenshot">
<img src="<?php echo esc_url( plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/welcome/screenshot-event-specs.png' );?>" alt="Screenshot">
<h3>Event Specs</h3>
<p>Measure and display additional details per event using the new <strong>Event Specs</strong> variables. They are customizable and can be useful for keeping track of information like player of the match, attendance, and venue weather.
</div>
<div class="col">
<img src="<?php echo plugin_dir_url( SP_PLUGIN_FILE ); ?>assets/images/welcome/screenshot-next-team.png" alt="Screenshot">
<img src="<?php echo esc_url( plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/welcome/screenshot-next-team.png' );?>" alt="Screenshot">
<h3>Next Team Column</h3>
<p>Provide a quick overview of who each team is playing next using the new <strong>Next Team</strong> preset for <a href="<?php echo add_query_arg( array( 'post_type' => 'sp_column' ), admin_url( 'edit.php' ) ); ?>">league table columns</a>. This will automatically display the next team's name or logo that links to the next match for each team in the table.<p>
<p>Provide a quick overview of who each team is playing next using the new <strong>Next Team</strong> preset for <a href="<?php echo esc_url( add_query_arg( array( 'post_type' => 'sp_column' ), admin_url( 'edit.php' ) ) ); ?>">league table columns</a>. This will automatically display the next team's name or logo that links to the next match for each team in the table.<p>
</div>
</div>
@@ -234,25 +234,25 @@ class SP_Admin_Welcome {
<div class="feature-section three-col">
<div class="col">
<img src="<?php echo plugin_dir_url( SP_PLUGIN_FILE ); ?>assets/images/welcome/screenshot-results-matrix.png" alt="Results Matrix">
<img src="<?php echo esc_url( plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/welcome/screenshot-results-matrix.png' );?>" alt="Results Matrix">
<h3>Results Matrix</h3>
<p>Display matches between home and away team in a grid. Create or select an existing calendar and select the <strong>Matrix</strong> layout to convert the calendar to an interactive results matrix!</p>
</div>
<div class="col">
<img src="<?php echo plugin_dir_url( SP_PLUGIN_FILE ); ?>assets/images/welcome/screenshot-midseason-transfers.png" alt="Midseason Transfers">
<img src="<?php echo esc_url( plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/welcome/screenshot-midseason-transfers.png' );?>" alt="Midseason Transfers">
<h3>Midseason Transfers</h3>
<p>Keep track of players that switched teams during a season by adding one or more extra rows to their statistics table. Display the team and partial statistics before and after the transfer.<p>
</div>
<div class="col">
<img src="<?php echo plugin_dir_url( SP_PLUGIN_FILE ); ?>assets/images/welcome/screenshot-vertical-timelines.png" alt="Vertical Timelines">
<img src="<?php echo esc_url( plugin_dir_url( SP_PLUGIN_FILE ) . 'assets/images/welcome/screenshot-vertical-timelines.png' );?>" alt="Vertical Timelines">
<h3>Vertical Timelines</h3>
<p>Display a match commentary style play-by-play timeline within events. <a href="<?php echo esc_url( apply_filters( 'sportspress_pro_url', 'http://tboy.co/pro' ) ); ?>">Upgrade to SportsPress Pro</a> to get access to <strong>Timelines</strong> and other pro features.<p>
</div>
</div>
<a class="button button-primary button-hero" href="<?php echo esc_url( apply_filters( 'sportspress_pro_url', 'http://tboy.co/pro' ) ); ?>"><?php _e( 'Upgrade to Pro', 'sportspress' ); ?></a>
<a class="button button-primary button-hero" href="<?php echo esc_url( apply_filters( 'sportspress_pro_url', 'http://tboy.co/pro' ) ); ?>"><?php esc_html_e( 'Upgrade to Pro', 'sportspress' ); ?></a>
<p><?php _e( 'Get SportsPress Pro to get access to all modules. You can upgrade any time without losing any of your data.', 'sportspress' ); ?></p>
<p><?php esc_html_e( 'Get SportsPress Pro to get access to all modules. You can upgrade any time without losing any of your data.', 'sportspress' ); ?></p>
<?php } ?>
<hr>
@@ -266,7 +266,7 @@ class SP_Admin_Welcome {
<div class="feature-section three-col">
<div class="col">
<h3>Player Assignments</h3>
<p>Players will now be saved using a new data format that allows them to belong to multiple leagues, seasons, and teams and be accurately selected in <a href="<?php echo add_query_arg( array( 'post_type' => 'sp_list' ), admin_url( 'edit.php' ) ); ?>">player lists</a>.</p>
<p>Players will now be saved using a new data format that allows them to belong to multiple leagues, seasons, and teams and be accurately selected in <a href="<?php echo esc_url( add_query_arg( array( 'post_type' => 'sp_list' ), admin_url( 'edit.php' ) ) ); ?>">player lists</a>.</p>
</div>
<div class="col">
<h3>Current Team Column</h3>
@@ -316,7 +316,7 @@ class SP_Admin_Welcome {
)
);
?>
"><?php _e( 'Go to SportsPress Settings', 'sportspress' ); ?></a>
"><?php esc_html_e( 'Go to SportsPress Settings', 'sportspress' ); ?></a>
</div>
<?php
}
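Review bot: The context line after the Docs button still injects `//platform.twitter.com/widgets.js` into a wp-admin page, and the escaping pass leaves it untouched. That script runs in the dashboard origin with the logged-in user's session, and the protocol-relative URL follows the admin page's scheme, so it is fetched over plain HTTP whenever the dashboard is. Dropping the inline `<script>` leaves the existing `https://twitter.com/share` anchor working as an ordinary link. Separately, the nav-tab checks read `$_GET['page']` with a loose `==` and no `isset()` guard; `isset( $_GET['page'] ) && 'sp-credits' === $_GET['page']` avoids the undefined-index notice and is the form a phpcs-driven pass would normally expect.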


@@ -109,9 +109,9 @@ class SP_Admin {
<script type="text/javascript">
(function($) {
$(".wrap .page-title-action").first().after(
$("<a class=\"add-new-h2\" href=\"<?php echo esc_url( admin_url( add_query_arg( array( 'import' => 'sp_fixture_csv' ), 'admin.php' ) ) ); ?>\"><?php _e( 'Import Fixtures', 'sportspress' ); ?></a>")
$("<a class=\"add-new-h2\" href=\"<?php echo esc_url( admin_url( add_query_arg( array( 'import' => 'sp_fixture_csv' ), 'admin.php' ) ) ); ?>\"><?php esc_html_e( 'Import Fixtures', 'sportspress' ); ?></a>")
).after(
$("<a class=\"add-new-h2\" href=\"<?php echo esc_url( admin_url( add_query_arg( array( 'import' => 'sp_event_csv' ), 'admin.php' ) ) ); ?>\"><?php _e( 'Import Events', 'sportspress' ); ?></a>")
$("<a class=\"add-new-h2\" href=\"<?php echo esc_url( admin_url( add_query_arg( array( 'import' => 'sp_event_csv' ), 'admin.php' ) ) ); ?>\"><?php esc_html_e( 'Import Events', 'sportspress' ); ?></a>")
);
})(jQuery);
</script>
@@ -123,7 +123,7 @@ class SP_Admin {
<script type="text/javascript">
(function($) {
$(".wrap .page-title-action").first().after(
$("<a class=\"add-new-h2\" href=\"<?php echo esc_url( admin_url( add_query_arg( array( 'import' => $typenow . '_csv' ), 'admin.php' ) ) ); ?>\"><?php _e( 'Import', 'sportspress' ); ?></a>")
$("<a class=\"add-new-h2\" href=\"<?php echo esc_url( admin_url( add_query_arg( array( 'import' => $typenow . '_csv' ), 'admin.php' ) ) ); ?>\"><?php esc_html_e( 'Import', 'sportspress' ); ?></a>")
);
})(jQuery);
</script>
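Review bot: The three import-button labels are now escaped for HTML, but they are written inside a double-quoted JavaScript string, and `esc_html_e()` does not escape backslashes or line breaks. A translation containing either would break the script literal, and the same holds for the `esc_url()` value built from `$typenow`. Encoding each value for the JavaScript context and letting jQuery set it keeps the two layers apart, for example `$("<a class=\"add-new-h2\"></a>").attr("href", <?php echo wp_json_encode( $url ); ?>).text(<?php echo wp_json_encode( __( 'Import', 'sportspress' ) ); ?>)`, where `$url` stands for the existing `admin_url( add_query_arg( ... ) )` expression. The enclosing methods start and end outside the hunks.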